We seem to have an issue handling timestring (Generalized-Time, attributeSyntax 2.5.5.11, oMSyntax 24) in LDAP modify requests, showing the same modify request against Windows 2008 and Samba (git master from today):

slow@samba-ad:~/samba/master$ cat win2008r2.ldif
# editing 1 records
# record 1
dn: CN=SAMBA-MEMBER1,CN=Computers,DC=win2008r2,DC=site
changetype: modify
replace: msTSExpireDate
msTSExpireDate: 20160101112000.0+0400

slow@samba-ad:~/samba/master$ cat samba.ldif
# editing 1 records
# record 1
dn: CN=SAMBA-MEMBER1,CN=Computers,DC=hillhouse,DC=site
changetype: modify
replace: msTSExpireDate
msTSExpireDate: 20160101112000.0+0400

slow@samba-ad:~/samba/master$ ./bin/ldbmodify -d 0 -H ldap://10.10.11.200 -UAdministrator%PASSWORD win2008r2.ldif
Modified 1 records successfully

slow@samba-ad:~/samba/master$ ./bin/ldbmodify -d 0 -H ldap://10.10.11.11 -UAdministrator%PASSWORD samba.ldif
ERR: (Invalid attribute syntax) "LDAP error 21 LDAP_INVALID_ATTRIBUTE_SYNTAX - <0000200B: objectclass_attrs: attribute 'msTSExpireDate' on entry 'CN=SAMBA-MEMBER1,CN=Computers,DC=hillhouse,DC=site' contains at least one invalid value!> <>" on DN CN=SAMBA-MEMBER1,CN=Computers,DC=hillhouse,DC=site at block before line 6
Modify failed after processing 0 records

It works with "20160101112000.0Z".

Searching works:

slow@samba-ad:~/samba/master$ ./bin/ldbsearch -d 0 -H ldap://10.10.11.11 -UAdministrator%PASSWORD "whenChanged>=20160101120000.0+0200" > /dev/null && echo success
success
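
The report shows Samba rejecting the offset form of the value while accepting a value that ends in "Z". As an added example (not part of the report and not Samba code), the Python below rewrites offset-form Generalized-Time values in an LDIF to the equivalent UTC "Z" form before the file is passed to ldbmodify. The function names are hypothetical, and dropping the fractional part is an assumption.

```python
import re
from datetime import datetime, timedelta

# Subset of GeneralizedTime: YYYYMMDDHHMMSS, optional fraction,
# then "Z" or a +hh / +hhmm / -hh / -hhmm offset.
_GT = re.compile(r"(\d{14})(?:[.,]\d+)?(Z|[+-]\d{2}(?:\d{2})?)")

def to_utc_generalized_time(value):
    """Return value re-expressed in UTC as YYYYMMDDHHMMSS.0Z."""
    m = _GT.fullmatch(value.strip())
    if m is None:
        raise ValueError("not a supported GeneralizedTime: %r" % value)
    stamp, zone = m.groups()
    local = datetime.strptime(stamp, "%Y%m%d%H%M%S")  # rejects bad dates
    offset = timedelta(0)
    if zone != "Z":
        hours, minutes = int(zone[1:3]), int(zone[3:5] or 0)
        if hours > 23 or minutes > 59:
            raise ValueError("bad UTC offset: %r" % zone)
        offset = timedelta(hours=hours, minutes=minutes)
        if zone[0] == "-":
            offset = -offset
    utc = local - offset  # local time = UTC + offset
    # The fraction is dropped (assumption: whole seconds are enough).
    return "%04d%02d%02d%02d%02d%02d.0Z" % (
        utc.year, utc.month, utc.day, utc.hour, utc.minute, utc.second)

def normalize_ldif(text, attrs):
    """Rewrite 'attr: value' lines for the named attributes to UTC form."""
    wanted = {a.lower() for a in attrs}  # attribute names are case-insensitive
    out = []
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep and name.lower() in wanted:
            line = name + ": " + to_utc_generalized_time(value)
        out.append(line)
    return "\n".join(out) + "\n"

# The samba.ldif record from the report, embedded so this runs offline.
SAMPLE_LDIF = """dn: CN=SAMBA-MEMBER1,CN=Computers,DC=hillhouse,DC=site
changetype: modify
replace: msTSExpireDate
msTSExpireDate: 20160101112000.0+0400
"""

if __name__ == "__main__":
    print(normalize_ldif(SAMPLE_LDIF, ["msTSExpireDate"]), end="")
```

The rewritten value names the same instant as the original, so it is not the same string as the "20160101112000.0Z" value quoted in the report.
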
This looks a bit like bug 14677.