RHDS - Which ACI to allow Search Right if the filter contains non-existing attribute?

Solution Verified - Updated -

Issue

A customer has an application that issues LDAP queries whose filters may contain attributes that do not exist in the RHDS schema.

For instance:

# ldapsearch -D "uid=searchUser,dc=example,dc=com" -W -b "cn=users,dc=example,dc=com" \
"(&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101080000Z))(uid=*))"

The search request did not return any entries.

"uSNChanged" is an Active Directory attribute.

When "uSNChanged" is removed from the search filter, the expected entries are returned:

# ldapsearch -D "uid=searchUser,dc=example,dc=com" -W -b "cn=users,dc=example,dc=com" \
"(&(objectclass=person)(|(modifyTimestamp>=19700101080000Z))(uid=*))"

...

# numResponses: 42
# numEntries: 41
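
To find which attribute in an application's filter is missing from the schema, as "uSNChanged" is above, the filter can be checked before it is sent. The following is an added example, not Red Hat's code: the function names are hypothetical, and SAMPLE_SCHEMA_ATTRS is a constructed subset standing in for the attributeTypes a real check would read from the server's schema.

```python
import re

# Constructed sample: a few attribute names assumed to be defined in the
# directory schema. A real check would load the server's attributeTypes.
SAMPLE_SCHEMA_ATTRS = {"objectClass", "uid", "cn", "sn", "mail", "modifyTimestamp"}

# One simple RFC 4515 filter item: "(" attr[;option...] followed by an
# operator (=, >=, <=, ~=). Literal parentheses inside values must be escaped
# as \28 and \29, so an unescaped "(" always starts an item or a nested
# filter. Numeric OIDs and extensible-match items (":=") are not handled.
_ITEM = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9-]*)(?:;[A-Za-z0-9-]+)*\s*(?:>=|<=|~=|=)")


def filter_attributes(ldap_filter):
    """Return the attribute names used in a filter, in order, without repeats."""
    names, seen = [], set()
    for match in _ITEM.finditer(ldap_filter):
        name = match.group(1)
        # Attribute names are case-insensitive in LDAP.
        if name.lower() not in seen:
            seen.add(name.lower())
            names.append(name)
    return names


def unknown_attributes(ldap_filter, schema_attrs):
    """Return the filter attributes that are absent from schema_attrs."""
    known = {attr.lower() for attr in schema_attrs}
    return [a for a in filter_attributes(ldap_filter) if a.lower() not in known]


if __name__ == "__main__":
    # The two filters from the commands above.
    failing = ("(&(objectclass=person)(|(uSNChanged>=0)"
               "(modifyTimestamp>=19700101080000Z))(uid=*))")
    working = "(&(objectclass=person)(|(modifyTimestamp>=19700101080000Z))(uid=*))"
    for label, flt in (("failing", failing), ("working", working)):
        print(label, "->", unknown_attributes(flt, SAMPLE_SCHEMA_ATTRS))
```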

Environment

Red Hat Directory Server 9
Red Hat Directory Server 10
Red Hat Enterprise Linux 6.x
Red Hat Enterprise Linux 7.x
