Issue 7441 - cn=config filters ignore {number}
Summary: cn=config filters ignore {number}
Status: UNCONFIRMED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: 2.4.33
Hardware: All All
: --- normal
Target Milestone: 2.7.0
Assignee: Ondřej Kuzník
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-16 16:40 UTC by Hallvard Furuseth
Modified: 2023-10-12 17:08 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description Hallvard Furuseth 2012-11-16 16:40:54 UTC 
Full_Name: Hallvard B Furuseth
Version: 2.4.33
OS: Linux x86_64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:700:100:556::233)
Submitted by: hallvard


cn=config ignores the {number} prefix in filters:
  "(olcDatabase={2}hdb)" -> matches all HDB databases
  "(olcdatabase={2})"    -> none
ldapcompare does the opposite:
  "olcdatabase:{2}hdb"   -> TRUE  (at DN olcdatabase={2}hdb,cn=config)
  "olcdatabase:{2}       -> FALSE
  "olcdatabase:hdb"      -> FALSE
Comment 1 Quanah Gibson-Mount 2017-04-13 15:21:29 UTC 
moved from Incoming to Software Bugs
Comment 2 Ondřej Kuzník 2022-03-07 14:40:55 UTC 
The inconsistency part comes from bconfig not implementing be_compare. Instead, it relies on the frontend implementation, so while search goes through test_filter->...->ordered_value_match and other backends use slap_compare_entry which triggers the same, frontend's compare gets the actual values through backend_attribute and then calls value_find_ex, which doesn't care about SLAP_AT_ORDERED.

Afterwards, allowing attr={index} assertions to match attr={index}value and attr={index}value to match itself only should be possible by adapting ordered_value_match (and value_find_ex or whatever we end up calling from the frontend).