I am trying to write a LDAP query against Active Directory which would
return only enabled users. I found the following query which does the trick
in all LDAP query tools, but it does not work using JLDAP library.

The query is:
(&(objectclass=person)(!(userAccountControl:1.2.84 0.113556.1.4.803:=2))

I am getting the following exception stack trace:

LDAPException: Connection lost waiting for results from w2k3s:636 (91)
Connect Error
java.io.EOFException: Unknown tag
at com.novell.ldap.Connection$ReaderThread.run(Unknow n Source)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.io.EOFException: Unknown tag
at com.novell.ldap.asn1.LBERDecoder.decode(Unknown Source)
at com.novell.ldap.asn1.ASN1Structured.decodeStructur ed(Unknown Source)
at com.novell.ldap.asn1.ASN1Set.<init>(Unknown Source)
at com.novell.ldap.asn1.LBERDecoder.decode(Unknown Source)
at com.novell.ldap.asn1.ASN1Structured.decodeStructur ed(Unknown Source)
at com.novell.ldap.asn1.ASN1SequenceOf.<init>(Unknown Source)
at com.novell.ldap.rfc2251.RfcControls.<init>(Unknown Source)
at com.novell.ldap.rfc2251.RfcLDAPMessage.<init>(Unkn own Source)

It looks like the "userAccountControl:1.2.840.113556.1.4.803:=2" part is the
source of problems since without this part the query works fine (except that
it returns both disabled and enabled users).


Anybody knows how to fix this query or is there any workaround?

Regards.
Borut