Bug 1511462

Summary: scope one searches give incorrect results
Product: Red Hat Enterprise Linux 7 Reporter: Ludwig <lkrispen>
Component: 389-ds-baseAssignee: Ludwig <lkrispen>
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: high Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: unspecified    
Version: 7.5CC: amsharma, enewland, gparente, lkrispen, nkinder, pvoborni, rmeggins
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.7.5-10.el7 Doc Type: Bug Fix
Doc Text:
Directory Server searches with a scope set to "one" have been fixed Due to a bug in Directory Server, searches with a scope set to "one" returned all child entries instead of only the ones that matched the filter. This update fixes the problem. As a result, searches with scope "one" only return entries which are matching the filter.
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 14:21:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Ludwig 2017-11-09 12:15:11 UTC
if a onelevel search is done for an unidexed attribute, the filter test is skipped and all children of the search base are returned

see upstream ticket #49443

Comment 4 Amita Sharma 2017-12-05 11:37:13 UTC
[root@qeos-38 upstream]# rpm -qa | grep 389
389-ds-base-snmp-1.3.7.5-10.el7.x86_64
389-ds-base-libs-1.3.7.5-10.el7.x86_64
389-ds-base-1.3.7.5-10.el7.x86_64

ldapadd -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: uid=amita2,ou=Special Users,dc=example,dc=com
> cn: amita2
> sn: amita2
> objectclass: top
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> objectclass: person
> uid: amita2
> description: anything
> mail: amita@example.com
> userpassword: Secret123
> EOF
adding new entry "uid=amita2,ou=Special Users,dc=example,dc=com"

[root@qeos-38 upstream]# ldapsearch -LLL -o ldif-wrap=no -h localhost  -p 389 -x -D "cn=directory manager" -w Secret123 -b "ou=Special Users,dc=example,dc=com" -s sub  description="Special Administrative Accounts" description
dn: ou=Special Users,dc=example,dc=com
description: Special Administrative Accounts

[root@qeos-38 upstream]# ldapsearch -LLL -o ldif-wrap=no -h localhost  -p 389 -x -D "cn=directory manager" -w Secret123 -b "ou=Special Users,dc=example,dc=com" -s one  description="anything" description
dn: uid=amita2,ou=Special Users,dc=example,dc=com
description: anything

Hence VERIFIED.

Comment 5 Viktor Ashirov 2018-01-05 15:37:30 UTC
*** Bug 1514051 has been marked as a duplicate of this bug. ***

Comment 9 errata-xmlrpc 2018-04-10 14:21:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0811