diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index d4ebe9b8f13..280845a47a5 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -294,10 +294,12 @@ static int check_attr_access_rights(TALLOC_CTX *mem_ctx, const char *attr_name,
 
 	attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, attr_name);
 	if (!attr) {
-		ldb_debug_set(ldb, LDB_DEBUG_FATAL,
-			      "acl_read: %s cannot find attr[%s] in schema\n",
+		ldb_debug_set(ldb,
+			      LDB_DEBUG_TRACE,
+			      "acl_read: %s cannot find attr[%s] in schema,"
+			      "ignoring\n",
 			      ldb_dn_get_linearized(dn), attr_name);
-		return LDB_ERR_OPERATIONS_ERROR;
+		return LDB_SUCCESS;
 	}
 
 	/*
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index 815a2c00e64..ea6f30fa5e3 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -627,6 +627,15 @@ class BasicTests(samba.tests.TestCase):
             (num, _) = e27.args
             self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
 
+        #
+        # When searching the unknown attribute should be ignored
+        expr = "(|(cn=ldaptestgroup)(thisdoesnotexist=x))"
+        res = ldb.search(base=self.base_dn,
+                         expression=expr,
+                         scope=SCOPE_SUBTREE)
+        self.assertTrue(len(res) == 1,
+                        "Search including unknown attribute failed")
+
         delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
 
         # attributes not in objectclasses and mandatory attributes missing test