Description of problem: the pipe character '|' within a search filter on a non-indexed attribute returns all elements. Version-Release number of selected component (if applicable): 389 Directory Server Version: 1.2.5 Build number: 2010.012.2024 How reproducible: try the following filter : (ou=|*) it returns all objects that match the filter (ou=*) try the following filter : (ou=bigbug|*) it returns all objects that match the filter (ou=*) try the following filter : (|(cn=bigbug)(ou=bigbug|*)) it returns all objects that match the filter (|(cn=*)(ou=*)) Actual results: ldapsearch ... -b O=IAM -s sub "(ou=bigbug|*)" dn ou dn: ou=IAMIDENTITY,O=IAM ou: IAMIDENTITY dn: ou=IAMSYNCD,O=IAM ou: IAMSYNCD dn: ou=IAM Administrators,O=IAM ou: IAM Administrators dn: ou=IAMDATA,O=IAM ou: IAMDATA ldapsearch ... -b O=IAM -s sub "(|(cn=bigbug)(ou=bigbug|*))" dn ou ... dn: ou=gbo,ou=Policy Manager,O=IAM ou: gbo dn: ou=Applications,ou=gbo,ou=Policy Manager,O=IAM ou: Applications dn: CN=94144f40,OU=IAMSYNCD,O=IAM ou: 94144f40 dn: CN=94144f40,OU=IAMIDENTITY,O=IAM ou: 94144f40 dn: CN=89128e40,OU=IAMSYNCD,O=IAM ou: 89128e40 Expected results: empty result for the 2 requests Additional info:
the problem does not occur when a 'string' index is defined on the attribute.
substring index
What platform? What version of DS? rpm -qi 389-ds-base
platform: Fedora 11(Leonidas) Linux 2.6.29.4-167.fc11.i686.PAE Intel Xeon E5440 @ 2,83 GHz DS : Name : 389-ds-base Relocations: (not relocatable) Version : 1.2.5 Vendor: Fedora Project Release : 1.fc11 Build Date: mar. 12 janv. 2010 21:25:14 CET Install Date: jeu. 18 févr. 2010 18:05:59 CET Build Host: x86-03.phx2.fedoraproject.org Group : System Environment/Daemons Source RPM: 389-ds-base-1.2.5-1.fc11.src.rpm Size : 5214952 License: GPLv2 with exceptions Signature : RSA/8, mer. 13 janv. 2010 02:07:48 CET, Key ID 1dc5c758d22e77f2 Packager : Fedora Project URL : http://port389.org/ Summary : 389 Directory Server (base) Description : 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.
Created attachment 405023 [details] 0001-Bug-572162-the-string-within-a-search-filter.patch
To ssh://git.fedorahosted.org/git/389/ds.git a640bf6..7b29561 Directory_Server_8_2_Branch -> Directory_Server_8_2_Branch commit 7b29561a0614032f12bd7151841f5150da9d4cb0 Author: Rich Megginson <rmeggins> Date: Wed Apr 7 10:16:22 2010 -0600 0c9d459..b433e4c master -> master commit b433e4c852a2ef78558dffc1ccbaf464c1186934 Author: Rich Megginson <rmeggins> Date: Wed Apr 7 10:16:22 2010 -0600
fix verified reproduced with 389-ds-base-1.2.5-1.fc12.x86_64 verified on Solaris DS 8.2 pkginfo -l RHATredhat-dsx-base PKGINST: RHATredhat-dsx-base NAME: Red Hat Directory Server CATEGORY: application ARCH: sparcv9 VERSION: 8.2.0,REV=2010.05.12.04.34.47 BASEDIR: / DESC: Red Hat Directory Server PSTAMP: sun-t1k-02.idm.lab.bos.redhat.com20100512013448 INSTDATE: May 12 2010 13:17 STATUS: completely installed FILES: 285 installed pathnames 25 shared pathnames 36 directories 108 executables 18323 blocks used (approx) all 3 filters: (ou=|*) (ou=bigbug|*) (|(cn=bigbug)(ou=bigbug|*)) all return no results.