I am using python library ldap3 to send requests to the servers to query user objects that are not disabled and have a display name or email that contains the user input:
query = "(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(displayName={0}*)(mail={0}*))".format(value)
I followed what I think the documentation says about forming LDAP filters, but I am getting an incorrect LDAP filter error message:
LDAPInvalidFilterError: malformed filter
I played around with it and this works:
query = "(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(displayName={0}*))".format(value)
I haven't been able to construct a filter using | yet. How should the query be constructed?
not sure if this is a bug in ldap3 or if the strict adherence to RFC 4515, but I had this same issue and managed to resolve it partly due to this post, so hopefully this helps someone else.
https://ldap3.readthedocs.io/en/latest/searches.html https://www.rfc-editor.org/rfc/rfc4515
I was testing the following query which worked perfectly fine using ldp.exe:
(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(|(userprincipalname={0})(samaccountname={0})(distinguishedname={0})))
I tried a couple of different variations and like yourself, just changing the OR (pipe) to AND (ampersand) allowed the query to run without error.
In the end, I resolved it by adding brackets to my NOT assertion, based on an example in the ldap3 documentation link above.
This query works for me without the "malformed filter" error:
(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(userprincipalname={0})(samaccountname={0})(distinguishedname={0})))