Support (!(userAccountControl:1.2.840.113556.1.4.803:=2)) query

[mlesin]

This query is essential to mock Active Directory service.

I think it will be enough just ignore this filter rule.

Right now, mokapi fails this query:

ldapsearch -x -h localhost -p 389 -b "dc=example,dc=com" "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"

with this:

time="2025-12-25T00:39:10+03:00" level=error msg="ldap error: unsupported filter 9 requested"

time="2025-12-25T00:39:10+03:00" level=error msg="ldap panic: runtime error: invalid memory address or nil pointer dereference"

[marle3003]

Thanks for raising this!

This is now supported in Mokapi.

Mokapi has added support for the ExtensibleMatch filter, including use cases like memberOf queries, so search filters of this form now work as expected.

The change is available in the latest release. If you run into any edge cases or have additional filter types you’d like to see supported, feel free to open a follow-up issue.