Skip to content

System.DirectoryServices.Protocols.SearchRequest Filter does not allow redundant parentheses unlike on Windows #127168

Open
Open
System.DirectoryServices.Protocols.SearchRequest Filter does not allow redundant parentheses unlike on Windows#127168
Labels
area-System.DirectoryServicesuntriagedNew issue has not been triaged by the area owner
@Pxtl

Description

@Pxtl
Pxtl
opened on Apr 20, 2026

Description

On windows, the System.DirectoryServices.Protocols.SearchRequest Filter property allows the filter to have redundant parens.

For example,

((((samaccountname=example))))

is a legal LDAP filter on Windows, but not on Linux. Exactly one outermost parenthetical is required. This also carries to nested parentheticals.

&(objectclass=user)((((samaccountname=example))))

is also legal in Windows but not on Linux.

Reproduction Steps

using the following docker-compose.yml to create an LDAP server on localhost:

services:
  smblds:
    environment:
    - INSECURE_LDAP=true
    image: 'smblds/smblds:latest'
    ports:
      - 389:389
      - 636:636

Invoke the following (using pwsh to demonstrate).

$assemblyPath = "[YourPathGoesHere]/System.DirectoryServices.Protocols.dll"
Add-Type -path $assemblyPath

# default credentials for `smblds` for testing purposes.
$credential = [Management.Automation.PSCredential]::new('SAMDOM\Administrator', (ConvertTo-SecureString 'Passw0rd' -AsPlainText -Force))
$identifier = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new('localhost', 389)
$conn = [System.DirectoryServices.Protocols.LDAPConnection]::new($identifier, $credential, 'Basic')
# fetch RootDSE
$conn.SendRequest([System.DirectoryServices.Protocols.SearchRequest]::new($null, "((objectClass=*))", "base", "*"))

Works fine in pwsh (which uses netcore) and PS5.1 (which uses framework) but fails on linux.

Expected behavior

Return RootDSE searchresponse.

Actual behavior

MethodInvocationException: Exception calling "SendRequest" with "1" argument(s): "The search filter is invalid."

Regression?

No response

Known Workarounds

No response

Configuration

Ubuntu 22.04, .NET 8.0, x64

Other information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    area-System.DirectoryServicesuntriagedNew issue has not been triaged by the area owner

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions