[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4979) Bad response when requesting bad attributes

Full_Name: Emmanuel Lecharny
Version: 2.3.32
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

When searching for entries using attributes to filter the result, you get all
the entries attributes if you give a wrong attribute :

ldapsearch -h localhost -p 10389 -D "uid=Admin,ou=system" -w secret -b
"dc=example,dc=com" -s sub "(objectClass=*)" 9.9.9

will correctly returns only the DNs of all found entries, as if the 9.9.9
attribute was 1.1


ldapsearch -h localhost -p 10389 -D "uid=Admin,ou=system" -w secret -b
"dc=example,dc=com" -s sub "(objectClass=*)" person

will return all entries attributes, as if the 'person' was substituted by "*"

Of course, 'person' is not an attribute, but an objectClass, but the user intent
was to get only one single attribute value, so I don't think that returning
everything is correct.

This is obviously not a serious issue.