[GH-ISSUE #1249] [BUG] Schema breaks query with `memberof` attribute #442

New issue

Closed

opened 2026-02-27 08:17:19 +03:00 by kerem · 2 comments

kerem commented

2026-02-27 08:17:19 +03:00

Owner

Originally created by @deuill on GitHub (Aug 20, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1249

Originally assigned to: @Copilot on GitHub.

Describe the bug

Seen with ldap3 library in a script written in Python, but it seems that performing a search with a memberof attribute will fail on 0.6.2, but would succeed in 0.6.1.

To Reproduce

Sample script:

from ldap3 import Server, Connection, AUTO_BIND_NO_TLS
from ldap3.utils.conv import escape_filter_chars

ldap_bind_dn = "admin,ou=people,dc=ldap,dc=local"
ldap_password = "admin"

ldap_base_dn = "ou=people,dc=ldap,dc=local"
ldap_search_filter = "(&(memberof=cn=test_user,ou=groups,dc=ldap,dc=local)(|(uid={username})(mail={username})))"


def main():
    server = Server("localhost", port=389)
    connection = Connection(
        server, user=ldap_bind_dn, password=ldap_password, auto_bind=AUTO_BIND_NO_TLS
    )
    username="test@test.com"
    connection.search(
        search_base=ldap_base_dn,
        search_filter=ldap_search_filter.format(username=escape_filter_chars(username)),
        search_scope=SUBTREE,
        attributes=["uid"],
        time_limit=15,
    )

This will fail with ldap3.core.exceptions.LDAPAttributeError: invalid attribute memberOf on the last call to connection.search().

Expected behavior

Using memberof attribute should succeed in this case.

Logs

lldap-python-ldap3-fail.log

Originally created by @deuill on GitHub (Aug 20, 2025). Original GitHub issue: https://github.com/lldap/lldap/issues/1249 Originally assigned to: @Copilot on GitHub. **Describe the bug** Seen with `ldap3` library in a script written in Python, but it seems that performing a search with a `memberof` attribute will fail on 0.6.2, but would succeed in 0.6.1. **To Reproduce** Sample script: ```python from ldap3 import Server, Connection, AUTO_BIND_NO_TLS from ldap3.utils.conv import escape_filter_chars ldap_bind_dn = "admin,ou=people,dc=ldap,dc=local" ldap_password = "admin" ldap_base_dn = "ou=people,dc=ldap,dc=local" ldap_search_filter = "(&(memberof=cn=test_user,ou=groups,dc=ldap,dc=local)(|(uid={username})(mail={username})))" def main(): server = Server("localhost", port=389) connection = Connection( server, user=ldap_bind_dn, password=ldap_password, auto_bind=AUTO_BIND_NO_TLS ) username="test@test.com" connection.search( search_base=ldap_base_dn, search_filter=ldap_search_filter.format(username=escape_filter_chars(username)), search_scope=SUBTREE, attributes=["uid"], time_limit=15, ) ``` This will fail with `ldap3.core.exceptions.LDAPAttributeError: invalid attribute memberOf` on the last call to `connection.search()`. **Expected behavior** Using `memberof` attribute should succeed in this case. **Logs** [lldap-python-ldap3-fail.log](https://github.com/user-attachments/files/21901255/lldap-python-ldap3-fail.log)

kerem

2026-02-27 08:17:19 +03:00

closed this issue
added the
bug
label

kerem commented

2026-02-27 08:17:19 +03:00

Author

Owner

@nitnelave commented on GitHub (Aug 20, 2025):

The problem is that in the schema returned by LLDAP, there is no mention of the memberOf attribute. We need to add that to the response.

@nitnelave commented on GitHub (Aug 20, 2025): The problem is that in the schema returned by LLDAP, there is no mention of the memberOf attribute. We need to add that to the response.

kerem commented

2026-02-27 08:17:19 +03:00

Author

Owner

@nitnelave commented on GitHub (Aug 21, 2025):

Should be fixed now!

@nitnelave commented on GitHub (Aug 21, 2025): Should be fixed now!