Bug 543080 - Bitwise plugin fails to return the exact matched entries for Bitwise search filter
Summary: Bitwise plugin fails to return the exact matched entries for Bitwise search f...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Server - Plugins
Version: 9.0
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 434914 389_1.2.6
TreeView+ depends on / blocked
 
Reported: 2009-12-01 16:56 UTC by Sankar Ramalingam
Modified: 2016-05-06 14:32 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-06 14:32:54 UTC


Attachments (Terms of Use)
patch (2.88 KB, patch)
2010-01-26 16:51 UTC, Rich Megginson
nhosoi: review+
Details | Diff

Description Sankar Ramalingam 2009-12-01 16:56:29 UTC
Description of problem: Bitwise plugin doesn't return the exact matching entries for Bitwise AND & OR operators.

Steps to Reproduce:
1. Install RHDS 9.0 latest packages.
2. Create an instance and add custom schema to add users with custom attributes.
3. Add users with "testUserAccountControl" attribute.

Schema.ldif

dn: cn=schema
attributeTypes: ( NAME 'testUserAccountControl' DESC 'Attribute Bitwise filteri-Multi-Valued' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributeTypes: ( NAME 'testUserStatus' DESC 'State of User account active/disabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectClasses: ( NAME 'testperson' SUP top STRUCTURAL MUST ( sn $ cn $ testUserAccountControl $ testUserStatus )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) X-ORIGIN BitWise' )

User.ldif


dn: uid=btestuser1,dc=bitwise,dc=com
testUserAccountControl: 514
testUserStatus: Disabled

dn: uid=btestuser2,dc=bitwise,dc=com
testUserAccountControl: 512
testUserStatus: Enabled

dn: uid=btestuser3,dc=bitwise,dc=com
testUserAccountControl: 512
testUserStatus: Disabled

dn: uid=btestuse4,dc=bitwise,dc=com
testUserAccountControl: 514
testUserStatus: Enabled

Run ldapsearch with a bitwise search filter and verify the results.

ldapsearch -x -b "dc=bitwise,dc=com" "(&(objectclass=testperson)(testUserAccountControl:1.2.840.113556.1.4.803:=512))"
  
Actual results: It returns all 4 entries from the suffix.


Expected results: It should return only two entries which are enabled.
It should be 
dn: uid=btestuser2,dc=bitwise,dc=com
dn: uid=btestuser3,dc=bitwise,dc=com


Additional info:

"(&(objectclass=testperson)(testUserAccountControl:1.2.840.113556.1.4.803:=512))"   -- to list only the enabled accounts.
"(&(objectclass=testperson)(testUserAccountControl:1.2.840.113556.1.4.803:=514))"   ---  to list only the disabled accounts
"(&(objectclass=testperson)(testUserAccountControl:1.2.840.113556.1.4.804:=512))"   --- to list only the enabled accounts
"(&(objectclass=testperson)(testUserAccountControl:1.2.840.113556.1.4.804:=514))"   -- to list enabled as well as disabled accounts


All the above filters produce the same results irrespective of the operator(AND or OR).

Comment 1 Rich Megginson 2010-01-26 16:51:26 UTC
Created attachment 386875 [details]
patch

Comment 2 Noriko Hosoi 2010-01-26 16:56:47 UTC
Comment on attachment 386875 [details]
patch

ack.

Comment 3 Rich Megginson 2010-01-26 17:05:22 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   9b38ac3..73fdd3b  master -> master

commit 73fdd3b8945a34cc3d386c697e4e99560ba7997a
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Tue Jan 26 09:51:05 2010 -0700

    Reviewed by: nhosoi (Thanks!)
    Branch: HEAD
    Fix Description: The Microsoft Windows AD bitwise filters do not work exactl
    like the usual bitwise AND (&) and OR (|) operators.
    For the AND case the matching rule is true only if all bits from the value
    given in the filter value match the value from the entry.
    For the OR case, the matching rule is true if any bits from the value given
    in the filter match the value from the entry.
    For the AND case, this means that even though (a & b) is True,
    if (a & b) != b, the matching rule will return False.
    For the OR case, this means that even though (a | b) is True,
    this may be because there are bits in a.  But we only care
    about bits in a that are also in b.  So we do (a & b) - this
    will return what we want, which is to return True if any of
    the bits in b are also in a.
    Platforms tested: RHEL5 x86_64
    Flag Day: no
    Doc impact: no

Comment 8 Jenny Galipeau 2010-05-06 15:17:03 UTC
fix verified - thanks rich!  - redhat-ds-base-8.2.0-2010050604.el5dsrv - RHEL 5 32bit

ldapsearch -x -h jennyv2.bos.redhat.com -p 389 -D "cn=Directory Manager" -w Secret123 -b "dc=example,dc=com"  "(&(objectclass=testperson)(testUserAccountControl:1.2.840.113556.1.4.803:=2))"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (&(objectclass=testperson)(testUserAccountControl:1.2.840.113556.1.4.803:=2))
# requesting: ALL
#

# btestuser1, example.com
dn: uid=btestuser1,dc=example,dc=com
mail: btestuser1@redhat.com
uid: btestuser1
givenName: bit
objectClass: top
objectClass: testperson
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: person
sn: testuser1
cn: bit testuser1
testUserAccountControl: 514
testUserStatus: Disabled
userPassword:: e1NTSEF9d2dSK1lEVGE3a3R6WWVxS2p3OTAyZnd3VStDY1h4QzZHRTJrYmc9PQ=
 =

# btestuser4, example.com
dn: uid=btestuser4,dc=example,dc=com
mail: btestuser4@redhat.com
uid: btestuser4
givenName: bit
objectClass: top
objectClass: testperson
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: person
sn: testuser4
cn: bit testuser4
testUserAccountControl: 514
testUserStatus: Enabled
userPassword:: e1NTSEF9Qi80MW01d3NGK0N5eTdPWlZSaE15VGNUK0NMaUM2MTBkLzQrT1E9PQ=
 =

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2


Note You need to log in before you can comment on or make changes to this bug.