Full_Name: John Alex. Version: 2.4.39 OS: FreeBSD 9.2 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (37.6.134.63) Values of reqAttr in accesslog entries are not searchable the normal way if they contain at least an uppercase character. Even though the reqAttr attribute has a caseIgnoreMatch search rule, the only way to search for values containing uppercase characters is to explicitly use a caseExactMatch rule. Consider this accesslog entry for example: dn: reqStart=20140905054555.000001Z,cn=accesslog objectClass: auditSearch reqAttr: givenName reqAttrsOnly: FALSE reqAuthzID: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth reqDerefAliases: never reqDN: dc=example,dc=com reqEnd: 20140905054555.000002Z reqEntries: 9 reqFilter: (objectClass=*) reqResult: 0 reqScope: sub reqSession: 1268 reqSizeLimit: 500 reqStart: 20140905054555.000001Z reqTimeLimit: 3600 reqType: search Searching with "(reqAttr=givenName)" will not return results, while using "(reqAttr:caseExactMatch:=givenName)" will return the above entry. Accesslog entries where values of reqAttr contain only lowercase characters are returned correctly with the "(reqAttr=givenName)" filter. The same behavior can be observed with reqFilter (and probably other attributes as well but I didn't test). This applies to entries added to the db by the accesslog overlay and not to entries otherwise inserted.
alexoz66@gmail.com wrote: > Full_Name: John Alex. > Version: 2.4.39 > OS: FreeBSD 9.2 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (37.6.134.63) > > > Values of reqAttr in accesslog entries are not searchable the normal way if they > contain at least an uppercase character. Thanks for the report, fixed in git master > > Even though the reqAttr attribute has a caseIgnoreMatch search rule, the only > way to search for values containing uppercase characters is to explicitly use a > caseExactMatch rule. > > Consider this accesslog entry for example: > > dn: reqStart=20140905054555.000001Z,cn=accesslog > objectClass: auditSearch > reqAttr: givenName > reqAttrsOnly: FALSE > reqAuthzID: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth > reqDerefAliases: never > reqDN: dc=example,dc=com > reqEnd: 20140905054555.000002Z > reqEntries: 9 > reqFilter: (objectClass=*) > reqResult: 0 > reqScope: sub > reqSession: 1268 > reqSizeLimit: 500 > reqStart: 20140905054555.000001Z > reqTimeLimit: 3600 > reqType: search > > > Searching with "(reqAttr=givenName)" will not return results, while using > "(reqAttr:caseExactMatch:=givenName)" will return the above entry. Accesslog > entries where values of reqAttr contain only lowercase characters are returned > correctly with the "(reqAttr=givenName)" filter. > > The same behavior can be observed with reqFilter (and probably other attributes > as well but I didn't test). > > This applies to entries added to the db by the accesslog overlay and not to > entries otherwise inserted. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
changed notes changed state Open to Test moved from Incoming to Software Bugs
changed notes changed state Test to Release
fixed in master fixed in RE25 fixed in RE24
changed notes changed state Release to Closed