[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5071) ;binary issue

Full_Name: Pierangelo Masarati
Version: HEAD/re23
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I've noticed an issue related to operating on certificates with/without ;binary,
as detailed in the table below

slapadd                  filter                    requested attrs

             |   ;binary    |  no ;binary  |   ;binary    |  no ;binary 
;binary      |   results    |   results    |  returned    |  returned  
no ;binary   |  no results  |   results    | not returned |  returned

So it seems that if data is loaded with ;binary then search operations work
regardless of having specified ;binary in search filters or in requested
attributes, while if data is loaded without, then search operations only work if
;binary is omitted.  RFC 4523 states that ;binary MUST be used when transferring
certificates, so perhaps slapd should be either liberal enough to allow any
combination, or strict enough to prevent those data types from working without