[GH-ISSUE #763] [BUG] LDAP: Filtering custom attributes by value doesn't work #278

New issue

Closed

opened 2026-02-27 08:16:19 +03:00 by kerem · 2 comments

kerem commented

2026-02-27 08:16:19 +03:00

Owner

Originally created by @nitnelave on GitHub (Dec 15, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/763

Describe the bug
We search with the straight-up string given by LDAP, whereas we should use the schema to parse the attribute value and serialize it.

Note that repeated attributes cannot be searched by values.

Originally created by @nitnelave on GitHub (Dec 15, 2023). Original GitHub issue: https://github.com/lldap/lldap/issues/763 **Describe the bug** We search with the straight-up string given by LDAP, whereas we should use the schema to parse the attribute value and serialize it. Note that repeated attributes cannot be searched by values.

kerem

2026-02-27 08:16:19 +03:00

closed this issue
added the
bug

backend

ldap

rust
labels

kerem commented

2026-02-27 08:16:21 +03:00

Author

Owner

@rabidpug commented on GitHub (Jan 14, 2024):

Note that repeated attributes cannot be searched by values.

Does this mean that it's expected that lists cannot be used in filters currently?
And if yes, is it something that will be implemented in the future?

@rabidpug commented on GitHub (Jan 14, 2024): > Note that repeated attributes cannot be searched by values. Does this mean that it's expected that lists cannot be used in filters currently? And if yes, is it something that will be implemented in the future?

kerem commented

2026-02-27 08:16:21 +03:00

Author

Owner

@nitnelave commented on GitHub (Jan 14, 2024):

@rabidpug no, attributes lists cannot be used in filters.

Supporting that would require a major redesign of the backend and would add significant complexity to the project, to the point that it might be just easier to use a standard LDAP server.

It all comes from the design decisions taken early on in the project: the data is stored in SQL as simple tables. When adding custom attributes, we have to serialize them to store them in the database. Lists are serialized as a single value, and the SQL engine doesn't understand the serialization. We could write a filter like "does the list contain exactly these values in this order" but that's not very helpful.

@nitnelave commented on GitHub (Jan 14, 2024): @rabidpug no, attributes lists cannot be used in filters. Supporting that would require a major redesign of the backend and would add significant complexity to the project, to the point that it might be just easier to use a standard LDAP server. It all comes from the design decisions taken early on in the project: the data is stored in SQL as simple tables. When adding custom attributes, we have to serialize them to store them in the database. Lists are serialized as a single value, and the SQL engine doesn't understand the serialization. We could write a filter like "does the list contain exactly these values in this order" but that's not very helpful.

kerem referenced this issue

2026-02-27 08:18:21 +03:00

[PR #278] [MERGED] Misc small fixes. #657