starred/lldap-lldap

Fork 0

mirror of https://github.com/lldap/lldap.git synced 2026-04-25 00:05:50 +03:00

[GH-ISSUE #1308] [FEATURE REQUEST] Implement GreaterOrEqual filter for builtin timestamps #457

New issue

Open

opened 2026-02-27 08:17:23 +03:00 by kerem · 6 comments

kerem commented

2026-02-27 08:17:23 +03:00

Owner

Originally created by @hendrik1120 on GitHub (Oct 3, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1308

Motivation
When integrating TrueNAS Scale with LLDAP, the resulting query fails:

Server is unwilling to perform(53), Unsupported user filter: GreaterOrEqual("modifyTimestamp", "2025-10-02T23:34:14.186931460+00:00")

Describe the solution you'd like
Implement the GreaterOrEqual filter

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered. You can include workarounds that are currently possible.

Additional context
Add any other context or screenshots about the feature request here.

Originally created by @hendrik1120 on GitHub (Oct 3, 2025). Original GitHub issue: https://github.com/lldap/lldap/issues/1308 **Motivation** When integrating TrueNAS Scale with LLDAP, the resulting query fails: ``` Server is unwilling to perform(53), Unsupported user filter: GreaterOrEqual("modifyTimestamp", "2025-10-02T23:34:14.186931460+00:00") ``` **Describe the solution you'd like** Implement the GreaterOrEqual filter **Describe alternatives you've considered** A clear and concise description of any alternative solutions or features you've considered. You can include workarounds that are currently possible. **Additional context** Add any other context or screenshots about the feature request here.

kerem added the

enhancement

label

2026-02-27 08:17:23 +03:00

kerem commented

2026-02-27 08:17:24 +03:00

Author

Owner

@CtrlC-Root commented on GitHub (Nov 15, 2025):

This also happens with SSSD. I'm not sure if theres a way to disable it via SSSD's configuration or not.

@CtrlC-Root commented on GitHub (Nov 15, 2025): This also happens with SSSD. I'm not sure if theres a way to disable it via SSSD's configuration or not.

kerem commented

2026-02-27 08:17:24 +03:00

Author

Owner

@hendrik1120 commented on GitHub (Nov 16, 2025):

I had no issues with the SSSD example config: https://github.com/lldap/lldap/blob/main/example_configs/pam/README.md
Maybe you can adapt it to your needs in the meantime.

@hendrik1120 commented on GitHub (Nov 16, 2025): I had no issues with the SSSD example config: https://github.com/lldap/lldap/blob/main/example_configs/pam/README.md Maybe you can adapt it to your needs in the meantime.

kerem commented

2026-02-27 08:17:24 +03:00

Author

Owner

@CtrlC-Root commented on GitHub (Nov 16, 2025):

I had no issues with the SSSD example config: https://github.com/lldap/lldap/blob/main/example_configs/pam/README.md Maybe you can adapt it to your needs in the meantime.

The example config doesn't work for me. I had to make a few changes to get SSSD working and I documented them here https://github.com/lldap/lldap/issues/739#issuecomment-3238171290. This works for a while until SSSD tries to issue a query with GreaterOrEqual, which fails, so it marks the backend as offline, and it stops trying to use it until I restart SSSD. I'll check the manual sometime and see if there's some way to disable this behavior but nothing jumped out at me the last time I looked.

@CtrlC-Root commented on GitHub (Nov 16, 2025): > I had no issues with the SSSD example config: https://github.com/lldap/lldap/blob/main/example_configs/pam/README.md Maybe you can adapt it to your needs in the meantime. The example config doesn't work for me. I had to make a few changes to get SSSD working and I documented them here https://github.com/lldap/lldap/issues/739#issuecomment-3238171290. This works for a while until SSSD tries to issue a query with `GreaterOrEqual`, which fails, so it marks the backend as offline, and it stops trying to use it until I restart SSSD. I'll check the manual sometime and see if there's some way to disable this behavior but nothing jumped out at me the last time I looked.

kerem commented

2026-02-27 08:17:24 +03:00

Author

Owner

@hendrik1120 commented on GitHub (Nov 16, 2025):

That's from Aug 29, I updated the example

@hendrik1120 commented on GitHub (Nov 16, 2025): That's from Aug 29, I updated the example

kerem commented

2026-02-27 08:17:24 +03:00

Author

Owner

@laurent-so-1 commented on GitHub (Dec 26, 2025):

Hi,

I encountered this error while configuring SSSD.
It seems to occur when SSSD enumerates users and groups.

After setting enumerate = False (man) under the domain block, the error no longer appears in the logs.
Running getent passwd <name|ID> or getent group <name|ID> output the expected results.
Login and SSH keys are also working fine.

Not sure if there is an equivalent option on TrueNAS.

@laurent-so-1 commented on GitHub (Dec 26, 2025): Hi, I encountered this error while configuring SSSD. It seems to occur when SSSD enumerates users and groups. After setting `enumerate = False` ([man](https://linux.die.net/man/5/sssd.conf#:~:text=limit\)%20for%20max_id-,enumerate,-\(bool\))) under the domain block, the error no longer appears in the logs. Running `getent passwd <name|ID>` or `getent group <name|ID>` output the expected results. Login and SSH keys are also working fine. Not sure if there is an equivalent option on TrueNAS.

kerem commented

2026-02-27 08:17:24 +03:00

Author

Owner

@CtrlC-Root commented on GitHub (Dec 26, 2025):

Hi,

I encountered this error while configuring SSSD. It seems to occur when SSSD enumerates users and groups.

After setting enumerate = False (man%20for%20max_id-,enumerate,-(bool))) under the domain block, the error no longer appears in the logs. Running getent passwd <name|ID> or getent group <name|ID> output the expected results. Login and SSH keys are also working fine.

Not sure if there is an equivalent option on TrueNAS.

Oh nice, that fixes the issue for me as well, although I would prefer being able to use enumerate = True so I can see users and groups. It does work the first time SSSD queries LLDAP just not any time after that when it wants to use the GreaterorEqual comparison apparently.

@CtrlC-Root commented on GitHub (Dec 26, 2025): > Hi, > > I encountered this error while configuring SSSD. It seems to occur when SSSD enumerates users and groups. > > After setting `enumerate = False` ([man](https://linux.die.net/man/5/sssd.conf#:~:text=limit)%20for%20max_id-,enumerate,-(bool))) under the domain block, the error no longer appears in the logs. Running `getent passwd <name|ID>` or `getent group <name|ID>` output the expected results. Login and SSH keys are also working fine. > > Not sure if there is an equivalent option on TrueNAS. Oh nice, that fixes the issue for me as well, although I would prefer being able to use `enumerate = True` so I can see users and groups. It does work the first time SSSD queries LLDAP just not any time after that when it wants to use the `GreaterorEqual` comparison apparently.