Hello,

Has anyone here ever had the unpleasant experience with the AD driver,
that it returns totally invalid instances to queries?

With invalid I mean if the query is a subtree query for a user and
matches on the employeeID attribute, the driver returns an instance for
user B.

It actually didn't matter if the employeeID didn't exist on any object
or what value the query had, it would always return the same instance!

I couldn't believe the trace and I actually sent manual queries using
the LDAP API
(https://www.novell.com/documentation.../dirxmlbk/api/)
with totally made up employeeID values, and I still got a response back.

This had the unfortunate effect that matching didn't work correctly and
a number of other side effects since everything that relied on that the
data returned was correct broke down.

It was like this for a 4-5 days and after I restarted the driver it
started acting normally again, i.e. I can't reproduce it.

Any way, IDM Engine is 4.0.2.7 on Linux, AD driver is 4.0.2.0. Running
on a DC with Windows 2012 R2.

Thanks.

-alekz