Changing my base to the root of my domain should not effect results using a search filter based on an object's attribute. The admin account is most definitely in the openfire-users group (verified this many times while i was testing this on my own and before replying here again). I really don't think this has anything to do with the attributes I'm using or how the filter is formed since it works perfectly when used with ldapsearch and when used to filter other application's searches. I think I need some way to make the debug logging verbose enough to see the search filter that's actually being passed to my ldap. I'm not confident that openfire is forming the query correctly since the same filter works everywhere else.
↧