LDAP and Active Directory – dang, I’'ve never had this much of a problem with LDAP filters (use ''em for other things).
For example, this filter:
(!memberOf=cn=NoPrivileges,ou=Groups,dc=domain,dc=local)
should eliminate members of that security group. However, the negation doesn’‘t seem to work (the "can’'t log in to even find out" problem).
Is there a need for something equivalent for ! to for *? How on earth to do negation in LDAP queries?