OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Bugs/7975
Full headers

From: requate@univention.de
Subject: MDB search scope one and filter returns search base
Compose comment
Download message
State:
0 replies:
1 followups: 1

Major security issue: yes  no

Notes:

Notification:


Date: Wed, 29 Oct 2014 15:01:57 +0000
From: requate@univention.de
To: openldap-its@OpenLDAP.org
Subject: MDB search scope one and filter returns search base
Full_Name: Arvid Requate
Version: 2.4.40
OS: Debian / UCS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (82.198.197.8)


With an mdb backend the command

ldapsearch -xLLL -b dc=ar40i1,dc=qa -s one objectClass=domain dn

returns the base DN. With a bdb backend it doesn't.

The crucial point seems to be the filter in this case, which matches the base
object only, and none of it's children. If I change the filter to
objectclass=top (or leave it away) then only the children are returned, just
like the behaviour of the bdb backend.

Followup 1

Download message
Date: Wed, 29 Oct 2014 18:05:55 +0000
From: Howard Chu <hyc@symas.com>
To: requate@univention.de, openldap-its@OpenLDAP.org
Subject: Re: (ITS#7975) MDB search scope one and filter returns search base
requate@univention.de wrote:
> Full_Name: Arvid Requate
> Version: 2.4.40
> OS: Debian / UCS
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (82.198.197.8)
>
>
> With an mdb backend the command
>
> ldapsearch -xLLL -b dc=ar40i1,dc=qa -s one objectClass=domain dn
>
> returns the base DN. With a bdb backend it doesn't.
>
> The crucial point seems to be the filter in this case, which matches the
base
> object only, and none of it's children. If I change the filter to
> objectclass=top (or leave it away) then only the children are returned,
just
> like the behaviour of the bdb backend.

Fixed now in git master.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org