Bug 1511462 - scope one searches give incorrect results
Summary: scope one searches give incorrect results
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Ludwig
QA Contact: Viktor Ashirov
Marc Muehlfeld
: 1514051 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2017-11-09 12:15 UTC by Ludwig
Modified: 2020-09-13 22:04 UTC (History)
7 users (show)

Fixed In Version: 389-ds-base-
Doc Type: Bug Fix
Doc Text:
Directory Server searches with a scope set to "one" have been fixed Due to a bug in Directory Server, searches with a scope set to "one" returned all child entries instead of only the ones that matched the filter. This update fixes the problem. As a result, searches with scope "one" only return entries which are matching the filter.
Clone Of:
Last Closed: 2018-04-10 14:21:13 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 2502 0 None None None 2020-09-13 22:04:07 UTC
Red Hat Bugzilla 1514051 0 unspecified CLOSED Replication agreements/topology is not setup properly 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHBA-2018:0811 0 None None None 2018-04-10 14:22:03 UTC

Internal Links: 1514051

Description Ludwig 2017-11-09 12:15:11 UTC
if a onelevel search is done for an unidexed attribute, the filter test is skipped and all children of the search base are returned

see upstream ticket #49443

Comment 4 Amita Sharma 2017-12-05 11:37:13 UTC
[root@qeos-38 upstream]# rpm -qa | grep 389

ldapadd -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: uid=amita2,ou=Special Users,dc=example,dc=com
> cn: amita2
> sn: amita2
> objectclass: top
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> objectclass: person
> uid: amita2
> description: anything
> mail: amita
> userpassword: Secret123
adding new entry "uid=amita2,ou=Special Users,dc=example,dc=com"

[root@qeos-38 upstream]# ldapsearch -LLL -o ldif-wrap=no -h localhost  -p 389 -x -D "cn=directory manager" -w Secret123 -b "ou=Special Users,dc=example,dc=com" -s sub  description="Special Administrative Accounts" description
dn: ou=Special Users,dc=example,dc=com
description: Special Administrative Accounts

[root@qeos-38 upstream]# ldapsearch -LLL -o ldif-wrap=no -h localhost  -p 389 -x -D "cn=directory manager" -w Secret123 -b "ou=Special Users,dc=example,dc=com" -s one  description="anything" description
dn: uid=amita2,ou=Special Users,dc=example,dc=com
description: anything


Comment 5 Viktor Ashirov 2018-01-05 15:37:30 UTC
*** Bug 1514051 has been marked as a duplicate of this bug. ***

Comment 9 errata-xmlrpc 2018-04-10 14:21:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.