When using custom LDAP attributes, Samba seems to recognize the searchFlags confidential flag on custom attributes and hides them from all non-admin users. However, the values of the attributes can still be guessed efficiently by brute forcing them one character after another in a wildcard search query.
External Reference: https://www.samba.org/samba/security/CVE-2018-10919.html
Created samba tracking bugs for this issue: Affects: fedora-all [bug 1617911]
Acknowledgments: Name: Phillip Kuhrt (the Samba project)
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-10919