It is possible to crash ns-slapd (and ipa-dnskeysyncd afterwards) with crafted ldapsearch query with very long filter value both as anonymous or authenticated user. The crash can be similarly triggered with a query via the FreeIPA API as an authenticated user.
Acknowledgments: Name: Greg Kubok
Created 389-ds-base tracking bugs for this issue: Affects: fedora-all [bug 1575671]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1364 https://access.redhat.com/errata/RHSA-2018:1364
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1380 https://access.redhat.com/errata/RHSA-2018:1380
Upstream fix: https://pagure.io/389-ds-base/c/9d8d096b154e