Bug 36343 – mdb backend finds base object by ldapsearch -s one -b "$ldap_base" objectclass=domain

Bug 36343 - mdb backend finds base object by ldapsearch -s one -b "$ldap_base" objectclass=domain


Summary:	mdb backend finds base object by ldapsearch -s one -b "$ldap_base" objectclas...

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	LDAP
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.0-3-errata
Assigned To:	Felix Botner
QA Contact:	Arvid Requate

URL:	http://www.openldap.org/its/index.cgi...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-10-29 17:32 CET by Arvid Requate
Modified:	2016-05-10 12:30 CEST (History)
CC List:	5 users (show)

See Also:	41234
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Flags:	requate: Patch_Available+

Attachments
fix_mdb_onelevel_search.patch (547 bytes, patch) 2014-10-30 15:06 CET, Arvid Requate	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2014-10-29 17:32:20 CET

I filed an upstream bug for this, see URL.

Code using SCOPE_ONELEVEL searches may show a change of behaviour. From a quick grep I see these candidates:

univention-licence/lib/license_ldap.c
univention-python/uldap.py
univention-python/modules/uldap.py
univention-directory-listener/src/filter.c
univention-directory-listener/tests/test__filter__cache_entry_ldap_filter_match.c
univention-directory-manager-modules/scripts/proof_uniqueMembers

E.g. I would expect "base+one" in univention.uldap to return the base object twice when searching e.g. for objectclass=domain.

But the issue only occurs if a filter was specified for a scope "one" search which only matches the base of the search and none of the children.



+++ This bug was initially created as a clone of Bug #36169 +++

Comment 1 Arvid Requate

2014-10-30 15:06:35 CET

Created attachment 6265 [details]
fix_mdb_onelevel_search.patch

Upstream patch.

Comment 2 Felix Botner

2015-09-11 15:08:26 CEST

cherry picked openldap from errata4.0-1 to errata4.0-3, added patch 97_bug36343.patch and built openldap in errata4.0-3.

YAML: 2015-09-11-openldap.yaml

Comment 3 Arvid Requate

2015-09-22 16:15:05 CEST

Ok, patch applied.
==============
Applying patch 97_bug36343.patch using -p1
Output of the patch process:
patching file servers/slapd/back-mdb/search.c

OK
==============

and "univention-ldapsearch -s one objectClass=univentionBase  -LLL dn" works.

Advisory is ok, I removed support for ucs4.0-2, which has has ended today.

Comment 4 Janek Walkenhorst

2015-09-23 17:13:04 CEST

<http://errata.software-univention.de/ucs/4.0/324.html>