ejabberd - Comments for "LDAP filter parse error"

Negation in LDAP search request filters

kostix — Mon, 02 Jun 2008 22:42:08 +0000

While LDAPv3 extensible match is really not yet supported in ejabberd, your search filter is invalid according to RFC 4515 — you should use

(!(userAccountControl:1.2.840.113556.1.4.803:=2))

form.

So for instance "accounts of all users which are not disabled" will be

(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

LDAP filter

d.k.brazz — Mon, 24 Sep 2007 14:06:59 +0000

zinid wrote:

BTW. Is it possible to avoid such filters at all?

MS AD stores info about Account state in bitwise form
1.2.840.113556.1.4.803 - is OID for bitwise AND operator (in MS AD)
http://support.microsoft.com/kb/269181

userAccountControl:1.2.840.113556.1.4.803:=2 - the only way to search for disabled users in MS AD
!userAccountControl:1.2.840.113556.1.4.803:=2 - the only way to search for not disabled (enabled) users in MS AD

another way - manually removing disabled users from "Jabber Users" group

same result

d.k.brazz — Mon, 24 Sep 2007 09:06:47 +0000

badlop wrote:

Maybe some character is not acceptable: there are: ! . :
You could try to put \! or things like that.

I tryed \! \. \: - same result

Re: LDAP filter parse error

zinid — Sat, 22 Sep 2007 02:29:55 +0000

d.k.brazz wrote:

So problem in parse this expression: (!userAccountControl:1.2.840.113556.1.4.803:=2)
I tried to put query whith this filter directly to LDAP server, it correct and it working
I think problem in Erlang or eJabberd filter parser

You are right. Currently it is not possible to parse such expressions.
BTW. Is it possible to avoid such filters at all?

Maybe some character is not

mfoss — Fri, 21 Sep 2007 21:25:18 +0000

Maybe some character is not acceptable: there are: ! . :
You could try to put \! or things like that.