[email protected] wrote: > (&(objectclass=user)(!(objectclass=Computer))(!(*UserAccountControl:1.2.840.113556.1.4.803:=2*))) > > If I connect AD server directly, all is OK, I get a search result. But sending > this search to Meta, does not work. > > *Log:* > slapd[22461]: conn=1004 op=3 SRCH base="dc=meta,dc=pov" scope=2 deref=2 > filter="(&(?objectClass=user)(!(?objectClass=Computer))( *?=error* ))"
First I'd try to add the object classes 'user' and 'computer' and the attribute type userAccountControl to the local OpenLDAP schema. See slapd-ldap(5) for a note about schema and filters. Not sure whether the non-existing matching rule 1.2.840.113556.1.4.803 can be used though. You cannot just declare matching rules in OpenLDAP's schema files. Ciao, Michael.
