[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4979) Bad response when requesting bad attributes



elecharny@apache.org wrote:
> Full_Name: Emmanuel Lecharny
> Version: 2.3.32
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (82.236.207.89)
> 
> 
> When searching for entries using attributes to filter the result, you get all
> the entries attributes if you give a wrong attribute :
> 
> ldapsearch -h localhost -p 10389 -D "uid=Admin,ou=system" -w secret -b
> "dc=example,dc=com" -s sub "(objectClass=*)" 9.9.9
> 
> will correctly returns only the DNs of all found entries, as if the 9.9.9
> attribute was 1.1
> 
> but
> 
> ldapsearch -h localhost -p 10389 -D "uid=Admin,ou=system" -w secret -b
> "dc=example,dc=com" -s sub "(objectClass=*)" person
> 
> will return all entries attributes, as if the 'person' was substituted by "*"
> 
> Of course, 'person' is not an attribute, but an objectClass, but the user intent
> was to get only one single attribute value, so I don't think that returning
> everything is correct.
> 
> This is obviously not a serious issue.

This works as designed - requesting an objectclass means to request all 
of the attributes included in that objectclass. In current revisions we 
expect objectClass names to be prefixed with "@" but the original 
behavior is still supported for backward compatibility.

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/