[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7934) wrong search behavior in accesslog entries

Full_Name: John Alex.
Version: 2.4.39
OS: FreeBSD 9.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

Values of reqAttr in accesslog entries are not searchable the normal way if they
contain at least an uppercase character.

Even though the reqAttr attribute has a caseIgnoreMatch search rule, the only
way to search for values containing uppercase characters is to explicitly use a
caseExactMatch rule.

Consider this accesslog entry for example: 

dn: reqStart=20140905054555.000001Z,cn=accesslog
objectClass: auditSearch
reqAttr: givenName
reqAttrsOnly: FALSE
reqAuthzID: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
reqDerefAliases: never
reqDN: dc=example,dc=com
reqEnd: 20140905054555.000002Z
reqEntries: 9
reqFilter: (objectClass=*)
reqResult: 0
reqScope: sub
reqSession: 1268
reqSizeLimit: 500
reqStart: 20140905054555.000001Z
reqTimeLimit: 3600
reqType: search

Searching with "(reqAttr=givenName)" will not return results, while using
"(reqAttr:caseExactMatch:=givenName)" will return the above entry. Accesslog
entries where values of reqAttr contain only lowercase characters are returned
correctly with the "(reqAttr=givenName)" filter.

The same behavior can be observed with reqFilter (and probably other attributes
as well but I didn't test).

This applies to entries added to the db by the accesslog overlay and not to
entries otherwise inserted.