Symantec Access Management

  • Private Community

  • 1.  Wrong syntax of LDAP search filter

    Posted Jun 27, 2017 11:01 AM

    Hi,

     

    I am receiving errors like 

    [28745/58][Tue Jun 27 2017 10:52:51][SmDsLdapProvider.cpp:1711][ERROR][sm-Ldap-00650] CSmDsLdapProvider::Search(): Wrong syntax of LDAP search filter: (&(samaccountname=)(sAMAccountType=805306368)(!(useraccountcontrol=546)))
    [28745/34][Tue Jun 27 2017 10:52:51][SmDsLdapProvider.cpp:1711][ERROR][sm-Ldap-00650] CSmDsLdapProvider::Search(): Wrong syntax of LDAP search filter: (&(SamAccountName=)(objectclass=user)(!(useraccountcontrol=514))(!(useraccountcontrol=546)))
    [28745/34][Tue Jun 27 2017 10:52:51][SmDsLdapProvider.cpp:1711][ERROR][sm-Ldap-00650] CSmDsLdapProvider::Search(): Wrong syntax of LDAP search filter: (&(mail=)(sAMAccountType=805306368)(!(useraccountcontrol=546)))
    [28745/34][Tue Jun 27 2017 10:52:52][SmDsLdapProvider.cpp:1711][ERROR][sm-Ldap-00650] CSmDsLdapProvider::Search(): Wrong syntax of LDAP search filter: (&(samaccountname=)(sAMAccountType=805306368)(!(useraccountcontrol=546)))
    [28745/56][Tue Jun 27 2017 10:52:54][SmDsLdapProvider.cpp:1711][ERROR][sm-Ldap-00650] CSmDsLdapProvider::Search(): Wrong syntax of LDAP search filter: (&(SamAccountName=)(objectclass=user)(!(useraccountcontrol=514))(!(useraccountcontrol=546)))
    [28745/56][Tue Jun 27 2017 10:52:55][SmDsLdapProvider.cpp:1711][ERROR][sm-Ldap-00650] CSmDsLdapProvider::Search(): Wrong syntax of LDAP search filter: (&(mail=)(sAMAccountType=805306368)(!(useraccountcontrol=546)))
    [28745/56][Tue Jun 27 2017 10:52:56][SmDsLdapProvider.cpp:1711][ERROR][sm-Ldap-00650] CSmDsLdapProvider::Search(): Wrong syntax of LDAP search filter: (&(samaccountname=)(sAMAccountType=805306368)(!(useraccountcontrol=546)))

     

    on my policy server.

     

    I searched for similar error, and got the below link Wrong syntax of LDAP search filter 

    It says about the extra space in search filter, but in my case i do not notice any extra space, hence I am not able to find what might be causing these alerts on the server.

     

    Regards,

    Pankaj Sharma



  • 2.  Re: Wrong syntax of LDAP search filter

    Broadcom Employee
    Posted Jun 27, 2017 12:33 PM

    Hi Pankaj,

    It is possible that you are seeing this error due to the fact the backend LDAP server is looking for missing value for first parameter in your filter and failing to do so, smps log is throwing this generic error of 'Wrong syntax of LDAP search filter'?

    i.e. all examples in snippet you provided has filer with (samaccountname=) or (mail=).

    If you compare this to what you found in published technical document (where the same error was reported for having a space... which obviously doesn't apply in your case), you will notice that every attribute that is part of a search filter has a value assigned to it.

    I recommend try assign a value to 'mail' or 'samaccountname' and see if that makes any difference.

    Thanks,
    Hitesh



  • 3.  Re: Wrong syntax of LDAP search filter

    Posted Jun 27, 2017 07:25 PM

    Hi Pankaj, 

     

    I would still go ahead and try setting EnableSearchFilterCheck registry.

    Also , what version are you on. I know there were some known issue in the past with the ldap searches.


    Regards,

    Ujwol



  • 4.  Re: Wrong syntax of LDAP search filter

    Posted Jun 30, 2017 10:01 AM

    HI Ujwol,

     

    The policy server version being used is

    ProductName=CA SiteMinder Policy Server

    FullVersion=12.52.101.640

     

    Regards,

    Pankaj Sharma



  • 5.  RE: Re: Wrong syntax of LDAP search filter

    Posted Sep 21, 2020 04:37 PM

    I am facing exact same issue, where I see the search filter does not have the username in it. I feel siteminder is not receving the username. Any idea how to fix this? 

    Mine is a fresh installation of 12.8 SP2


    Original Message