tlater-famedly
commented
2 months ago We have tested this against the server set up by @nikzen in #15, but couldn't reproduce this behavior on our infrastructure.
More testing with @sebastian-de suggests that this is caused by us using an attribute filter (instead of *) - for some reason the customer AD does not send most values we ask for, showing the exact opposite behavior of lldap.
Some are still sent, which is utterly confusing. We tried some variations to ensure this isn't case sensitivity or anything, but nothing helped.
For now we'll add a setting to query for attributes with *, anticipating that other instances might have lldap-like behavior.
When running against AD, search results only list a small number of attributes. AIUI this happens when an LDAP server doesn't get an explicit
objectClass, however even when we've supplied one this doesn't work.The filter we have tested is somewhat like:
(&(memberOf=<grup-address>)(objectClass=organizationalPerson))Notably this is different from filters we have tested so far, but we can't currently account for AD anyway.