When a server-side control contains a matching rule, Directory Server fails to use the rule to index the values of the attributes. In this situation, the indexed keys are set to NULL. Previously, the server failed with a NULL pointer exception when comparing keys set to NULL. With this update, Directory Server verifies whether indexed values are NULL before comparing them. As a result, the server now returns an LDAP_OPERATION_ERROR message if it fails to index values.
This bug has been copied from bug #1607078 and has been proposed to be backported to 7.5 z-stream (EUS).
Build tested: 389-ds-base-18.104.22.168-26.el7_5.x86_64
Search with server side sort no longer crashes the server, but it doesn't return sorted results per matching rule (bz1615163):
[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w Secret123 -b cn=users,cn=accounts,dc=ipa,dc=test -E sss=uid:22.214.171.124 "(uid=tuser*)" uid | grep uid:
[root@server ds]# ldapsearch -xLLL -D cn=Directory\ Manager -w Secret123 -b cn=users,cn=accounts,dc=ipa,dc=test -E sss=-uid:126.96.36.199 "(uid=tuser*)" uid | grep uid:
Marking as VERIFIED.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.