RHDS - Which ACI to allow Search Right if the filter contains non-existing attribute?

Solution Verified - Updated -

Issue

The customer has an application that issues LDAP searches whose filters may reference attributes that do not exist in the RHDS schema.

For instance:

# ldapsearch -D "uid=searchUser,dc=example,dc=com" -W -b "cn=users,dc=example,dc=com" \
"(&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101080000Z))(uid=*))"

The search request did not return any entries.

"uSNChanged" is an Active Directory attribute.

When "uSNChanged" is removed from the search filter, the expected entries are returned:

# ldapsearch -D "uid=searchUser,dc=example,dc=com" -W -b "cn=users,dc=example,dc=com" \
"(&(objectclass=person)(|(modifyTimestamp>=19700101080000Z))(uid=*))"

...

# numResponses: 42
# numEntries: 41

Environment

Red Hat Directory Server 9
Red Hat Directory Server 10
Red Hat Enterprise Linux 6.x
Red Hat Enterprise Linux 7.x
