diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
index eef04195..6e235bc8 100644
--- a/resources/lib/UnityLDAP.php
+++ b/resources/lib/UnityLDAP.php
@@ -169,7 +169,11 @@ private function getAllUIDNumbersInUse(): array
         // use baseOU for awareness of externally managed entries
         return array_map(
             fn($x) => $x["uidnumber"][0],
-            $this->baseOU->getChildrenArray(["uidNumber"], true, "(objectClass=posixAccount)"),
+            $this->baseOU->getChildrenArrayStrict(
+                ["uidNumber"],
+                true,
+                "(objectClass=posixAccount)",
+            ),
         );
     }
 
@@ -178,7 +182,7 @@ private function getAllGIDNumbersInUse(): array
         // use baseOU for awareness of externally managed entries
         return array_map(
             fn($x) => $x["gidnumber"][0],
-            $this->baseOU->getChildrenArray(["gidNumber"], true, "(objectClass=posixGroup)"),
+            $this->baseOU->getChildrenArrayStrict(["gidNumber"], true, "(objectClass=posixGroup)"),
         );
     }
 
@@ -227,13 +231,16 @@ public function getQualifiedUsers(
         return $out;
     }
 
-    public function getQualifiedUsersAttributes(array $attributes): array
-    {
+    public function getQualifiedUsersAttributes(
+        array $attributes,
+        array $default_values = [],
+    ): array {
         $include_uids = $this->getQualifiedUsersUIDs();
-        $user_attributes = $this->baseOU->getChildrenArray(
+        $user_attributes = $this->baseOU->getChildrenArrayStrict(
             $attributes,
             true, // recursive
             "(objectClass=posixAccount)",
+            $default_values,
         );
         foreach ($user_attributes as $i => $attributes) {
             if (!in_array($attributes["uid"][0], $include_uids)) {
@@ -283,16 +290,21 @@ public function getAllPIGroups(
         return $out;
     }
 
-    public function getAllPIGroupsAttributes(array $attributes): array
+    public function getAllPIGroupsAttributes(array $attributes, array $default_values = []): array
     {
-        return $this->pi_groupOU->getChildrenArray($attributes);
+        return $this->pi_groupOU->getChildrenArrayStrict(
+            $attributes,
+            false, // non-recursive
+            "objectClass=posixGroup",
+            $default_values,
+        );
     }
 
     public function getPIGroupGIDsWithMemberUID(string $uid): array
     {
         return array_map(
             fn($x) => $x["cn"][0],
-            $this->pi_groupOU->getChildrenArray(
+            $this->pi_groupOU->getChildrenArrayStrict(
                 ["cn"],
                 false,
                 "(memberuid=" . ldap_escape($uid, LDAP_ESCAPE_FILTER) . ")",
@@ -300,14 +312,16 @@ public function getPIGroupGIDsWithMemberUID(string $uid): array
         );
     }
 
-    public function getAllPIGroupOwnerAttributes(array $attributes): array
-    {
+    public function getAllPIGroupOwnerAttributes(
+        array $attributes,
+        array $default_values = [],
+    ): array {
         // get the PI groups, filter for just the GIDs, then map the GIDs to owner UIDs
         $owner_uids = array_map(
             fn($x) => UnityGroup::GID2OwnerUID($x),
-            array_map(fn($x) => $x["cn"][0], $this->pi_groupOU->getChildrenArray(["cn"])),
+            array_map(fn($x) => $x["cn"][0], $this->pi_groupOU->getChildrenArrayStrict(["cn"])),
         );
-        $owner_attributes = $this->getQualifiedUsersAttributes($attributes);
+        $owner_attributes = $this->getQualifiedUsersAttributes($attributes, $default_values);
         foreach ($owner_attributes as $i => $attributes) {
             if (!in_array($attributes["uid"][0], $owner_uids)) {
                 unset($owner_attributes[$i]);
@@ -400,9 +414,12 @@ public function getAllOrgGroups(
         return $out;
     }
 
-    public function getAllOrgGroupsAttributes(array $attributes): array
+    public function getAllOrgGroupsAttributes(array $attributes, array $default_values = []): array
     {
-        return $this->org_groupOU->getChildrenArray($attributes);
+        return $this->org_groupOU->getChildrenArrayStrict(
+            $attributes,
+            default_values: $default_values,
+        );
     }
 
     public function getUserEntry(string $uid): LDAPEntry
diff --git a/resources/lib/phpopenldaper b/resources/lib/phpopenldaper
index 0900483b..5432bdd7 160000
--- a/resources/lib/phpopenldaper
+++ b/resources/lib/phpopenldaper
@@ -1 +1 @@
-Subproject commit 0900483bd938fc0ad6c68a14ac355e5d188dc726
+Subproject commit 5432bdd7a5320118aca431bbd69d090eb494f731
diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php
index b646625b..1dba929a 100755
--- a/workers/update-ldap-cache.php
+++ b/workers/update-ldap-cache.php
@@ -57,7 +57,7 @@
 
     $org_group_ou = new LDAPEntry($LDAP->getConn(), CONFIG["ldap"]["orggroup_ou"]);
     echo "waiting for LDAP search (org groups)...\n";
-    $org_groups = $org_group_ou->getChildrenArray(["cn", "memberuid"], true);
+    $org_groups = $org_group_ou->getChildrenArrayStrict(["cn", "memberuid"], true);
     echo "response received.\n";
     // phpcs:disable
     $org_group_CNs = array_map(function ($x) {
@@ -73,7 +73,7 @@
 
     $pi_group_ou = new LDAPEntry($LDAP->getConn(), CONFIG["ldap"]["pigroup_ou"]);
     echo "waiting for LDAP search (pi groups)...\n";
-    $pi_groups = $pi_group_ou->getChildrenArray(["cn", "memberuid"], true);
+    $pi_groups = $pi_group_ou->getChildrenArrayStrict(["cn", "memberuid"], true);
     echo "response received.\n";
     // phpcs:disable
     $pi_group_CNs = array_map(function ($x) {