threerings / openvpn-auth-ldap

Implements username/password authentication via LDAP for OpenVPN 2.x.

Plugin and OpenVPN Crashes with error after successful LDAP(ActiveDirectory) Query #72

Open maretodoric opened 4 years ago

maretodoric commented 4 years ago

When a client tries to authenticate to the VPN via LDAP, I get the following error in the log, after which the OpenVPN server crashes and needs to be restarted.

openvpn: compare.c:114: ldap_compare_ext: Assertion `attr != ((void *)0)' failed.

I can see that the LDAP query was successful, as I haven't set up encryption between the LDAP and OpenVPN servers, so I was able to sniff the traffic using Wireshark. All checks pass, and these are the steps taken:

Wed Jul 24 10:40:34 2019 217.169.208.70:54730 TLS: Initial packet from [AF_INET]217.169.208.69:54730, sid=bcf3c0a3 bdaf2200
Wed Jul 24 10:40:34 2019 217.169.208.69:54730 peer info: IV_VER=2.4.7
Wed Jul 24 10:40:34 2019 217.169.208.69:54730 peer info: IV_PLAT=linux
Wed Jul 24 10:40:34 2019 217.169.208.69:54730 peer info: IV_PROTO=2
Wed Jul 24 10:40:34 2019 217.169.208.69:54730 peer info: IV_NCP=2
Wed Jul 24 10:40:34 2019 217.169.208.69:54730 peer info: IV_LZ4=1
Wed Jul 24 10:40:34 2019 217.169.208.69:54730 peer info: IV_LZ4v2=1
Wed Jul 24 10:40:34 2019 217.169.208.69:54730 peer info: IV_LZO=1
Wed Jul 24 10:40:34 2019 217.169.208.69:54730 peer info: IV_COMP_STUB=1
Wed Jul 24 10:40:34 2019 217.169.208.69:54730 peer info: IV_COMP_STUBv2=1
Wed Jul 24 10:40:34 2019 217.169.208.69:54730 peer info: IV_TCPNL=1
openvpn: compare.c:114: ldap_compare_ext: Assertion `attr != ((void *)0)' failed.

This is the content of ldap.conf

<LDAP>
        URL             ldap://10.0.0.44
        BindDN          "cn=Admin User Name,cn=Users,dc=ot,dc=ov"
        Password        PasSW0rD

        # Network timeout (in seconds)
        Timeout         15

</LDAP>

<Authorization>
        # Base DN
        BaseDN          "dc=ot,dc=ov"

        # User Search Filter
        SearchFilter    "(sAMAccountName=%u)"

        # Require Group Membership
        RequireGroup    true

        <Group>
                BaseDN          "ou=Groups,dc=ot,dc=ov"
                SearchFilter    "(CN=VPN MEMBER)"
        </Group>
</Authorization>

Below is server.conf

local ip.ad.dr.ess
port 1194
proto udp
dev tun
crl-verify crl.pem
ca ca.crt
cert server_ZzOOvOzIXZZdeuZU.crt
key server_ZzOOvOzIXZZdeuZU.key  # This file should be kept secret
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 3
dh none
ecdh-curve prime256v1
topology subnet
server 10.0.13.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.0.0"
push "route 10.8.0.0 255.255.0.0"
push "dhcp-option DNS 10.0.0.1"
push "dhcp-option DNS 10.0.0.2"
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
verb 3
explicit-exit-notify 1
tls-crypt tls-crypt.key 0
plugin /opt/openvpn-ldap-auth/lib/openvpn-auth-ldap.so /etc/openvpn/server/ldap.conf
client-cert-not-required

System this is running on: CentOS Linux release 7.6.1810 (Core), OpenVPN 2.4.7, OpenSSL 1.0.2, OpenLDAP 2.4.44, openvpn-auth-ldap version 2.0.4 compiled locally (but also tried with 2.0.3 from the CentOS EPEL repo).

I've noticed that this issue happens ONLY if RequireGroup is true and Group search parameters are set. But even then, all queries sent by the plugin to LDAP are OK and LDAP will return successful search results! Any help on resolving the issue is greatly appreciated!

I've also noticed that the FIRST query after the server is started always fails, even though the query is successfully received by LDAP and responses are sent back to the server, and the server receives them (also sniffed using Wireshark).

This is the log of the first login attempt:

Wed Jul 24 11:06:10 2019 217.169.208.70:59918 TLS: Initial packet from [AF_INET]217.169.208.69:59918, sid=63d81bcb ab70c4c9
Wed Jul 24 11:06:10 2019 217.169.208.69:59918 peer info: IV_VER=2.4.7
Wed Jul 24 11:06:10 2019 217.169.208.69:59918 peer info: IV_PLAT=linux
Wed Jul 24 11:06:10 2019 217.169.208.69:59918 peer info: IV_PROTO=2
Wed Jul 24 11:06:10 2019 217.169.208.69:59918 peer info: IV_NCP=2
Wed Jul 24 11:06:10 2019 217.169.208.69:59918 peer info: IV_LZ4=1
Wed Jul 24 11:06:10 2019 217.169.208.69:59918 peer info: IV_LZ4v2=1
Wed Jul 24 11:06:10 2019 217.169.208.69:59918 peer info: IV_LZO=1
Wed Jul 24 11:06:10 2019 217.169.208.69:59918 peer info: IV_COMP_STUB=1
Wed Jul 24 11:06:10 2019 217.169.208.69:59918 peer info: IV_COMP_STUBv2=1
Wed Jul 24 11:06:10 2019 217.169.208.69:59918 peer info: IV_TCPNL=1
LDAP search failed: Timed out
LDAP user "user.name" was not found.
Wed Jul 24 11:06:40 2019 217.169.208.69:59918 PLUGIN_CALL: POST /opt/openvpn-ldap-auth/lib/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Wed Jul 24 11:06:40 2019 217.169.208.69:59918 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /opt/openvpn-ldap-auth/lib/openvpn-auth-ldap.so
Wed Jul 24 11:06:40 2019 217.169.208.69:59918 TLS Auth Error: Auth Username/Password verification failed for peer
Wed Jul 24 11:06:40 2019 217.169.208.69:59918 SIGTERM[soft,auth-control-exit] received, client-instance exiting
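An added validator for the ldap.conf format quoted in this issue (example code, not the project's or the reporter's): it parses the Apache-style blocks and flags the two things a reviewer would check against this report, a plain `ldap://` URL with no `TLSEnable` directive (which is what let the exchange be read in Wireshark), and a `<Group>` block with no `MemberAttribute` when `RequireGroup` is true, since the assertion says `ldap_compare_ext` received a NULL attribute name. That `MemberAttribute` is the directive supplying the compare attribute, and the `TLSEnable` directive name, are assumptions taken from the project's README, not facts stated in this issue.

```python
import re
# Constructed copy of the reporter's ldap.conf (not the project's code; password removed).
SAMPLE_CONF = """<LDAP>
        URL             ldap://10.0.0.44
        BindDN          "cn=Admin User Name,cn=Users,dc=ot,dc=ov"
</LDAP>
<Authorization>
        BaseDN          "dc=ot,dc=ov"
        SearchFilter    "(sAMAccountName=%u)"
        RequireGroup    true
        <Group>
                BaseDN          "ou=Groups,dc=ot,dc=ov"
                SearchFilter    "(CN=VPN MEMBER)"
        </Group>
</Authorization>"""

OPEN, CLOSE = re.compile(r"^<(\w+)>$"), re.compile(r"^</(\w+)>$")
KV = re.compile(r'^(\w+)\s+(?:"([^"]*)"|(\S+))$')

def parse_conf(text):
    # Apache-style <Section> blocks become nested dicts; repeated sections are kept in a list.
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := OPEN.match(line):
            stack.append((child := {}))
            stack[-2].setdefault(m.group(1), []).append(child)
        elif m := CLOSE.match(line):
            stack.pop()
        elif m := KV.match(line):
            stack[-1][m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
        else:
            raise ValueError("unparseable line: %r" % raw)
    assert len(stack) == 1, "unbalanced <Section> tags"
    return stack[0]

def audit(conf):
    # Checks tied to this issue; MemberAttribute feeding ldap_compare_ext is an assumption (see README).
    ldap, authz = conf.get("LDAP", [{}])[0], conf.get("Authorization", [{}])[0]
    findings = []
    if ldap.get("URL", "").startswith("ldap://") and ldap.get("TLSEnable", "no").lower() not in ("yes", "true"):
        findings.append("LDAP: plain ldap:// without TLSEnable, bind and user passwords cross the wire in clear")
    if authz.get("RequireGroup", "false").lower() == "true":
        for i, group in enumerate(authz.get("Group", [])):
            if "MemberAttribute" not in group:
                findings.append("Group %d: MemberAttribute missing, the compare attribute would be NULL" % i)
    return findings
```

Run against the constructed copy above, `audit` reports both findings; with `ldaps://` and a `MemberAttribute` line added to the `<Group>` block it reports none.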