Bug 36343

Summary: mdb backend finds base object by ldapsearch -s one -b "$ldap_base" objectclass=domain
Product: UCS Reporter: Arvid Requate <requate>
Component: LDAPAssignee: Felix Botner <botner>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: normal    
Priority: P5 CC: best, damrose, gohmann, klaeser, walkenhorst
Version: UCS 4.0Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-3-errata   
Hardware: Other   
OS: Linux   
URL: http://www.openldap.org/its/index.cgi?usearchives=1;selectid=7975
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=41234
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Attachments: fix_mdb_onelevel_search.patch

Description Arvid Requate univentionstaff 2014-10-29 17:32:20 CET 
I filed an upstream bug for this, see URL.

Code using SCOPE_ONELEVEL searches may show a change of behaviour. From a quick grep I see these candidates:

univention-licence/lib/license_ldap.c
univention-python/uldap.py
univention-python/modules/uldap.py
univention-directory-listener/src/filter.c
univention-directory-listener/tests/test__filter__cache_entry_ldap_filter_match.c
univention-directory-manager-modules/scripts/proof_uniqueMembers

E.g. I would expect "base+one" in univention.uldap to return the base object twice when searching e.g. for objectclass=domain.

But the issue only occurs if a filter was specified for a scope "one" search which only matches the base of the search and none of the children.



+++ This bug was initially created as a clone of Bug #36169 +++
Comment 1 Arvid Requate univentionstaff 2014-10-30 15:06:35 CET 
Created attachment 6265 [details]
fix_mdb_onelevel_search.patch

Upstream patch.
Comment 2 Felix Botner univentionstaff 2015-09-11 15:08:26 CEST 
cherry picked openldap from errata4.0-1 to errata4.0-3, added patch 97_bug36343.patch and built openldap in errata4.0-3.

YAML: 2015-09-11-openldap.yaml
Comment 3 Arvid Requate univentionstaff 2015-09-22 16:15:05 CEST 
Ok, patch applied.
==============
Applying patch 97_bug36343.patch using -p1
Output of the patch process:
patching file servers/slapd/back-mdb/search.c

OK
==============

and "univention-ldapsearch -s one objectClass=univentionBase  -LLL dn" works.

Advisory is ok, I removed support for ucs4.0-2, which has has ended today.
Comment 4 Janek Walkenhorst univentionstaff 2015-09-23 17:13:04 CEST 
<http://errata.software-univention.de/ucs/4.0/324.html>