dkoudela / active-directory-to-openldap

An attempt to provide tools and LDIF schemas for conversion of Active Directory structures to OpenLdap.
Apache License 2.0

Can not filter on `userPrincipalName` #4

Status: Closed (robin-thoni closed 4 years ago)

robin-thoni commented 5 years ago

First, thank you so much for this work, it helped me A LOT.

I encountered a strange thing, which is that I cannot filter on the `userPrincipalName` attribute: `(userPrincipalName=robin.thoni@xxx)` was not giving any result, but `(userPrincipalName=*)` was returning all objects with a `userPrincipalName` attribute...

I added `EQUALITY caseIgnoreMatch` to the `userPrincipalName` attribute, and now it works.

Maybe you have a better fix? Anyway, I think filtering on `userPrincipalName` is pretty important, so maybe you should include it...

dkoudela commented 5 years ago

You are welcome!

I think it is required to add a matching rule to the LDAP server to have filtering work for a particular attribute. You did it in the end, so it is working now.

dkoudela commented 5 years ago

Moreover, every matching rule has to have its own index. Therefore, it consumes memory.

It is up to the LDAP admin to define which attributes have to be indexed.

robin-thoni commented 5 years ago

I was just thinking that filtering on `userPrincipalName` is pretty important in an AD, so it could be included by default to spare others the struggle :)

dkoudela commented 4 years ago

Done.
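The symptom in this thread (a presence filter matches, an equality filter on the same attribute returns nothing) can be caught before deployment by checking a schema for attribute types that have no `EQUALITY` rule, directly or through `SUP`. The script below is an added example, not code from this repository; the sample schema, its `1.1.x` OIDs and the `exampleAlias` attribute are constructed for illustration.

```python
import re

# Constructed sample schema (not the project's file); the 1.1.x OIDs are placeholders.
SAMPLE_SCHEMA = """\
attributetype ( 1.1.2.1.1 NAME 'userPrincipalName'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.1.2.1.2 NAME 'sAMAccountName'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.1.2.1.3 NAME ( 'exampleAlias' 'exAlias' ) SUP sAMAccountName )
"""

def definitions(text):
    """Yield each attribute type body (slapd.conf or cn=config LDIF style)."""
    start = r"(?im)^(?:attributetype|olcAttributeTypes:)\s*(?:\{\d+\})?\s*\("
    for m in re.finditer(start, text):
        depth, quoted, i = 1, False, m.end()
        while depth and i < len(text):          # find the matching ")"
            c = text[i]
            if c == "'":
                quoted = not quoted             # parentheses inside quotes do not count
            elif not quoted:
                depth += (c == "(") - (c == ")")
            i += 1
        yield " ".join(text[m.end():i - 1].split())

def parse(text):
    """Map lower-cased attribute names to their EQUALITY rule and SUP, if any."""
    attrs = {}
    for body in definitions(text):
        body = re.sub(r"\bDESC\s+'[^']*'", "", body)   # free text may contain keywords
        names = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", body)
        if not names:
            continue
        eq = re.search(r"\bEQUALITY\s+(\S+)", body)
        sup = re.search(r"\bSUP\s+(\S+)", body)
        info = {"equality": eq and eq.group(1), "sup": sup and sup.group(1).lower()}
        for name in re.findall(r"[\w;.-]+", names.group(1) or names.group(2)):
            attrs[name.lower()] = info
    return attrs

def effective_equality(attrs, name):
    """Follow SUP: a subtype inherits EQUALITY from its supertype."""
    seen = set()
    while name in attrs and name not in seen:
        seen.add(name)
        if attrs[name]["equality"]:
            return attrs[name]["equality"]
        name = attrs[name]["sup"]
    # A supertype defined in another schema file cannot be judged from this text.
    return f"inherited from {name} (defined elsewhere)" if name and name not in attrs else None

def missing_equality(text):
    """Lower-cased names of attributes on which equality filters cannot match."""
    attrs = parse(text)
    return sorted(n for n in attrs if effective_equality(attrs, n) is None)

if __name__ == "__main__":
    print(missing_equality(SAMPLE_SCHEMA))
```

Attributes reported here still answer presence filters such as `(attr=*)`, so the gap is easy to miss until an application searches by exact value.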