Openfire 3.10.2, LDAP env, advanced search problem

Hi, All,

I am currently observing a problem with the search function on Openfire 3.10.2 in an LDAP environment.

It seems to me there is at least a search problem with wildcards.

Example 1: just searching for net

Logs on the LDAP server:

Person)(objectClass=inetUser))(memberOf=cn=*,ou=groups,ou=openfire,ou=services,ou=accounts,dc=company,dc=com)(inetUserStatus=enabled)))(uid=net*))" attrs="uid"

[31/Jul/2015:05:50:58 -0700] conn=7458 op=2964 SRCH base="ou=accounts,dc=company,dc=com" scope=2 filter="(&(&(uid=*)(&(|(objectClass=organizationalPerson)(objectClass=inetUser))(memberOf=cn=*,ou=groups,ou=openfire,ou=services,ou=accounts,dc=company,dc=com)(inetUserStatus=enabled)))(cn=net*))" attrs="uid"

[31/Jul/2015:05:50:58 -0700] conn=7458 op=2965 SRCH base="ou=accounts,dc=company,dc=com" scope=2 filter="(&(&(uid=*)(&(|(objectClass=organizationalPerson)(objectClass=inetUser))(memberOf=cn=*,ou=groups,ou=openfire,ou=services,ou=accounts,dc=company,dc=com)(inetUserStatus=enabled)))(mail=net*))" attrs="uid"

Found 2 records which start with net…

Example 2: trying to search for net*

[31/Jul/2015:05:52:06 -0700] conn=7458 op=3116 SRCH base="ou=accounts,dc=company,dc=com" scope=2 filter="(&(&(uid=*)(&(|(objectClass=organizationalPerson)(objectClass=inetUser))(memberOf=cn=*,ou=groups,ou=openfire,ou=services,ou=accounts,dc=company,dc=com)(inetUserStatus=enabled)))(uid=net\2A*))" attrs="uid"

[31/Jul/2015:05:52:07 -0700] conn=7458 op=3117 SRCH base="ou=accounts,dc=company,dc=com" scope=2 filter="(&(&(uid=*)(&(|(objectClass=organizationalPerson)(objectClass=inetUser))(memberOf=cn=*,ou=groups,ou=openfire,ou=services,ou=accounts,dc=company,dc=com)(inetUserStatus=enabled)))(cn=net\2A*))" attrs="uid"

[31/Jul/2015:05:52:07 -0700] conn=7458 op=3118 SRCH base="ou=accounts,dc=company,dc=com" scope=2 filter="(&(&(uid=*)(&(|(objectClass=organizationalPerson)(objectClass=inetUser))(memberOf=cn=*,ou=groups,ou=openfire,ou=services,ou=accounts,dc=company,dc=com)(inetUserStatus=enabled)))(mail=net\2A*))" attrs="uid"

There are no result records.

At the same time, there are a lot of net* OR net records.

Bug?

Thanks a lot for your time.

alex

Well, you are searching for something else:

(inetUserStatus=enabled)))(mail=net*))" <-- looks for users which have a mail attribute starting with net

(inetUserStatus=enabled)))(mail=net\2A*))" <-- looks for users which have a mail attribute starting with net* (mail addresses containing explicitly an asterisk)

Which LDAP settings did you put into which field?

Also, the queries themselves make a wrong assumption (and you might have fallen for that trap):

(&
  (&
    (uid=*)
    (&
      (|
        (objectClass=organizationalPerson)
        (objectClass=inetUser)
      )
      (memberOf=cn=*,ou=groups,ou=openfire,ou=services,ou=accounts,dc=company,dc=com)
      (inetUserStatus=enabled)
    )
  )
  (cn=net*)
)

searches for something that has the attribute uid (filled with any value) and has the objectclass organizationalPerson or inetUser and the attributes memberOf and inetUserStatus set to some value…

These two attributes are only available if you have the objectClass inetUser, so unless you have non-schema conforming entries in your LDAP, there will never be an entry which only has the objectclass organizationalPerson.

The above query is effectively reduced to:

(&
  (uid=*)
  (objectClass=inetUser)
  (memberOf=cn=*,ou=groups,ou=openfire,ou=services,ou=accounts,dc=company,dc=com)
  (inetUserStatus=enabled)
  (cn=net*)
)
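An added example, not part of the thread and not Openfire's own code: a Python sketch of the behaviour the logs suggest, where the typed search term is escaped per RFC 4515 and a wildcard is then appended, so a typed `*` reaches the server as the literal `\2A`. The function names, the shortened base filter and the sample mail addresses are assumptions made for illustration.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5C", "*": r"\2A", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape user input so it can only ever be a literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(base_filter, attribute, term):
    """AND a prefix match on `attribute` onto `base_filter` (hypothetical helper)."""
    return "(&%s(%s=%s*))" % (base_filter, attribute, escape_filter_value(term))


def prefix_assertion_matches(assertion, attr_value):
    """Evaluate `prefix*`: \\XX escapes are literals, the raw trailing * is the wildcard."""
    if not assertion.endswith("*"):
        raise ValueError("expected a prefix assertion ending in an unescaped *")
    prefix = re.sub(r"\\([0-9A-Fa-f]{2})",
                    lambda m: chr(int(m.group(1), 16)), assertion[:-1])
    return attr_value.lower().startswith(prefix.lower())


if __name__ == "__main__":
    base = "(uid=*)"  # shortened stand-in for the base filter seen in the logs
    # Constructed sample values, not taken from any real directory.
    mails = ["netadmin@company.com", "network@company.com", "bob@company.com"]
    for term in ("net", "net*"):
        flt = build_search_filter(base, "mail", term)
        assertion = escape_filter_value(term) + "*"
        hits = [m for m in mails if prefix_assertion_matches(assertion, m)]
        print(term, "->", flt, "->", hits)
```

The same escaping that turns `net*` into a literal search also keeps input such as `net)(uid=*` from changing the structure of the filter.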