
LDAP returns on subtree and one level, but not base


On Active Directory I can do a subtree and one-level LDAP search using the following filters:

base dn: CN=Users,DC=local,DC=tld
filter: (sAMAccountName=dummyaccount)

The dummyaccount is in the Users container. Can somebody explain to me why one-level and subtree work whereas base does not? Is there something I can do to get base to find the object?


Solution

  • When you perform a base LDAP search, you are basically reading properties of the object that you specify as base DN, nothing else.

    A base search is useful if you want to read properties of a single object and you know its DN. In that case, you set the base DN to the DN of the object, specify which attributes you'd like to be retrieved and provide a "dummy" search filter (because the filter cannot be omitted), like (objectclass=*).

    You can of course use the filter to ensure that the DN you are reading conforms to some expectations: you might know the DN, but you want to ensure that the object you are reading is a user, for example. Then a search filter may also be used.
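The scope behaviour described in the answer above, modelled in a few lines of Python as an added example (not part of the original answer and not Active Directory's implementation). The in-memory directory, the `nested` entry and the helper names are assumptions made for the illustration; only the `Users` container and `dummyaccount` come from the question.

```python
# Constructed sample entries (only dummyaccount and its container come from the post).
DIRECTORY = {
    "CN=Users,DC=local,DC=tld": {
        "objectClass": ["top", "container"], "cn": ["Users"]},
    "CN=dummyaccount,CN=Users,DC=local,DC=tld": {
        "objectClass": ["top", "person", "user"],
        "sAMAccountName": ["dummyaccount"]},
    "CN=nested,CN=Sub,CN=Users,DC=local,DC=tld": {
        "objectClass": ["top", "person", "user"],
        "sAMAccountName": ["nested"]},
}

def rdns(dn):
    # Naive split: fine for these sample DNs, which contain no escaped commas.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    entry, base = rdns(entry_dn), rdns(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False                      # entry is not at or below the base DN
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0                 # the base object itself, nothing else
    if scope == "one":
        return depth == 1                 # immediate children, base excluded
    if scope == "sub":
        return True                       # base object plus all descendants
    raise ValueError(f"unknown scope: {scope}")

def matches(attrs, flt):
    # Supports only (attr=value) and the presence filter (attr=*).
    attr, _, value = flt.strip("()").partition("=")
    values = next((v for k, v in attrs.items() if k.lower() == attr.lower()), [])
    if value == "*":
        return bool(values)
    return value.lower() in [v.lower() for v in values]

def search(base_dn, scope, flt):
    # Scope selects candidate entries; the filter is then applied to each candidate.
    return [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, base_dn, scope) and matches(attrs, flt)]
```

With base DN `CN=Users,DC=local,DC=tld` and scope `base`, the only candidate is the container itself, which has no `sAMAccountName`, so the question's filter returns nothing; setting the base DN to the account's own DN makes the same scope return it.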