diff --git a/tests/data/aci.out b/tests/data/aci.out
index fdf8ab9e9bfe3f40ce9e90724a1300e579787534..dd550ef18bae97e3d2e3e5143931e67850923285 100644
--- a/tests/data/aci.out
+++ b/tests/data/aci.out
@@ -65,3 +65,4 @@ uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
 uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
  ple,dc=com
 
+# Searching "ou=Groups,dc=example,dc=com" as "cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" (should succeed with no results)...
diff --git a/tests/scripts/test041-aci b/tests/scripts/test041-aci
index fd6f46c09624b12c9512606143b71dc1ecc8daa4..5e6ec138bb5e1ef75a216ef0f21b7f655db4115d 100755
--- a/tests/scripts/test041-aci
+++ b/tests/scripts/test041-aci
@@ -217,6 +217,21 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
+# Search must fail
+BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjensen
+echo "Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..."
+echo "# Searching \"$BASEDN\" as \"$BINDDN\" (should succeed with no results)..." >> $SEARCHOUT
+$LDAPSEARCH -s one -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+	-D "$BINDDN" -w "$BINDPW" \
+	'(objectClass=*)' >> $SEARCHOUT 2>> $TESTOUT
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
 LDIF=$ACIOUT