
(ITS#6480) Incorrect handling of noncritical LDAP_CONTROL_X_SEARCH_OPTIONS

Full_Name: Alastair McCormack
Version: 2.3.43
OS: Red Hat Enterprise Linux Server release 5.4 (Tikanga)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

Proprietary LDAP Client ---LDAPv3---> OpenLDAP 2.3.43
Query: ??sub(objectClass=*)

Client Receives Error 53: "searchOptions contained unrecognized flag"

This works fine when client is pointed at a Windows AD Domain Controller.

Tracing reveals that client is setting:
  Control: oid=1.2.840.113556.1.4.1340 = SERVER_SEARCH_FLAG_PHANTOM_ROOT

By my novice understanding of the LDAP v3 RFC, the non-critical flag should mean
that the search should not fail if the Control is not supported. However, it
would seem that in controls.c an unknown or unimplemented flag is causing an
exception even if the Control option is non-critical.

I have worked around this by creating and applying the following patch (includes
typo fix):

--- /var/tmp/controls.c-ignore-non-crit-search-flags    2010-02-22
15:16:16.000000000 +0000
+++ openldap-2.3.43/servers/slapd/controls.c    2008-04-09 02:12:47.000000000
@@ -1425,10 +1425,10 @@ static int parseSearchOptions (
                        : SLAP_CONTROL_NONCRITICAL;

-       if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) {
+       if ( (search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE)) &&
ctrl->ldctl_iscritical ) {
                /* Other search flags not recognised so far,
                 * including:
-                *              LDAP_SEARCH_FLAG_PHANTOM_ROOM
+                *              LDAP_SEARCH_FLAG_PHANTOM_ROOT
                rs->sr_text = "searchOptions contained unrecognized flag";
                return LDAP_UNWILLING_TO_PERFORM;

I have very little C knowledge so this was more of a POC rather than a suggested

Many thanks for a superb application. Keep up the good work :)

Alastair McCormack
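
Added example (not part of the original report and not OpenLDAP code): a minimal sketch of the criticality rule from RFC 4511 section 4.1.11, which the report refers to, applied to the searchOptions control. The struct, function name and the assumption that only the domain-scope flag is implemented are hypothetical; the flag values are the ones defined for this control.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SEARCH_OPTIONS_OID "1.2.840.113556.1.4.1340"
#define FLAG_DOMAIN_SCOPE 0x1u
#define FLAG_PHANTOM_ROOT 0x2u /* the flag sent by the client in the report */
#define RC_SUCCESS 0
#define RC_UNAVAILABLE_CRITICAL_EXTENSION 12 /* RFC 4511 result code */

enum disposition { CTRL_APPLIED, CTRL_IGNORED, CTRL_REJECTED };

/* Hypothetical record for one request control; not slapd's own type. */
struct req_control {
    const char *oid;
    int critical;
    unsigned flags;           /* decoded searchOptions value */
    enum disposition outcome; /* filled in by check_controls() */
};

/* Assumption: this server implements only the domain-scope flag. */
static const unsigned supported_flags = FLAG_DOMAIN_SCOPE;

/* Classify every control before any of them is allowed to take effect. */
int check_controls(struct req_control *c, size_t n)
{
    int rc = RC_SUCCESS;
    for (size_t i = 0; i < n; i++) {
        int known = strcmp(c[i].oid, SEARCH_OPTIONS_OID) == 0;
        int usable = known && (c[i].flags & ~supported_flags) == 0;
        if (usable) {
            c[i].outcome = CTRL_APPLIED;
        } else if (c[i].critical) {
            c[i].outcome = CTRL_REJECTED; /* operation must not be performed */
            rc = RC_UNAVAILABLE_CRITICAL_EXTENSION;
        } else {
            c[i].outcome = CTRL_IGNORED;  /* whole control dropped, search proceeds */
        }
    }
    return rc;
}

int main(void)
{
    /* Constructed input: the report's case, a non-critical PHANTOM_ROOT request. */
    struct req_control c = { SEARCH_OPTIONS_OID, 0, FLAG_PHANTOM_ROOT, CTRL_APPLIED };
    int rc = check_controls(&c, 1);
    printf("rc=%d outcome=%d\n", rc, c.outcome);
    return 0;
}
```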