Re: OpenLDAP goes too deep with regex's (ITS#2174)


From this report and the follow-ups, it's a little unclear
as to exactly what your problem is.

Are you reporting that after finding one entry, slapd should
not consider other possible candidates?  If so, then I would
say that, no, slapd should consider all possible candidates.

Are you reporting that in the consideration of one particular
entry, slapd doesn't short circuit the filter evaluation?  If
so, then I would ask that you provide additional information
(such as detail logging) as the entry filter code is designed
to support short cutting of AND and OR filter components.


At 09:07 AM 2002-11-11, quanah@stanford.edu wrote:
>Full_Name: Quanah Gibson-Mount
>Version: 2.1.8
>OS: Solaris 8
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (
>When using a sasl-regexp of the form:
>sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth
>I found that even though
>a) suKrb5name wasn't in an entry and
>b) the information was looking for was in krb5PrincipalName
>slapd would still continue to look for the suKrb5Name attribute, even after
>getting a successful match at krb5PrincipalName.
>This really violates the purpose of an OR statement, and greatly decreases the
>efficiency of slapd.