(ITS#8923) compare op with dynlist returns wrong code when requested DN is in scope but doesn't exist
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#8923) compare op with dynlist returns wrong code when requested DN is in scope but doesn't exist
- From: email@example.com
- Date: Wed, 03 Oct 2018 20:25:44 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Quanah Gibson-Mount
Submission from: (NULL) (188.8.131.52)
In a situation where a dynamic group has been created and a compare operation is
run with a DN that doesn't exist but is within the scope of the dynamic group
URI, the ldapcompare operation will incorrectly return an error 80 instead of
error 5 (compare FALSE).
For example, if I have:
and I do an ldapcompare with:
ldapcompare -x -H ldap://anvil2.rb.symas.net -D dc=example,dc=com -w secret
(i.e., this entry doesn't exist in the DB), I get:
Compare Result: Other (e.g., implementation specific) error (80)
This appears to be due to the fact that in this scenario, slapd attempts to find
the DN in the underlying DB and it doesn't exist, so an err=32 is returned back.
This is incorrectly interpreted as an unknown error, thus the err=80 result.
Instead it should be treated as "not a member of the group".
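
The result-code mapping described in the report, as an added example in C: a simplified stand-alone model, not code from the report or from the OpenLDAP source. The function names, the toy database, and the assumptions that an out-of-scope DN is a plain FALSE and that the group filter matches every existing entry are all illustrative.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Standard LDAP result codes (RFC 4511). */
enum { RC_SUCCESS = 0, RC_COMPARE_FALSE = 5, RC_COMPARE_TRUE = 6,
       RC_NO_SUCH_OBJECT = 32, RC_OTHER = 80 };

/* Constructed sample data: the entries present in the toy database. */
static const char *db[] = { "uid=alice,ou=people,dc=example,dc=com",
                            "uid=bob,ou=people,dc=example,dc=com" };
static const char *BASE = "ou=people,dc=example,dc=com"; /* base of the group URI */

/* Subtree scope test: dn equals base or ends with ",<base>". */
static int in_scope(const char *dn, const char *base) {
    size_t dl = strlen(dn), bl = strlen(base);
    if (dl < bl || strcasecmp(dn + dl - bl, base) != 0) return 0;
    return dl == bl || dn[dl - bl - 1] == ',';
}

/* Internal lookup of the asserted DN; a missing entry yields noSuchObject. */
static int lookup(const char *dn) {
    for (size_t i = 0; i < sizeof db / sizeof db[0]; i++)
        if (strcasecmp(db[i], dn) == 0) return RC_SUCCESS;
    return RC_NO_SUCH_OBJECT;
}

/* Hypothetical model of the membership compare.
 * fixed = 0 reproduces the reported mapping (err=32 becomes err=80);
 * fixed = 1 treats err=32 as "not a member of the group". */
int dyn_compare(const char *base, const char *dn, int fixed) {
    if (!in_scope(dn, base)) return RC_COMPARE_FALSE; /* assumption */
    int rc = lookup(dn);
    if (rc == RC_SUCCESS) return RC_COMPARE_TRUE;     /* assumption: filter matches */
    if (fixed && rc == RC_NO_SUCH_OBJECT) return RC_COMPARE_FALSE;
    return RC_OTHER;
}

int main(void) {
    const char *missing = "uid=carol,ou=people,dc=example,dc=com"; /* constructed */
    printf("reported:  %d\n", dyn_compare(BASE, missing, 0));
    printf("corrected: %d\n", dyn_compare(BASE, missing, 1));
    return 0;
}
```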