[Issue 9923] New: extensible match ignored

Wed, 28 Sep 2022 03:40:19 -0700 

https://bugs.openldap.org/show_bug.cgi?id=9923

          Issue ID: 9923
           Summary: extensible match ignored
           Product: OpenLDAP
           Version: 2.6.3
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: b...@openldap.org
          Reporter: franc...@rcdevs.com
  Target Milestone: ---

Hi,

I'm trying to use a matching rule with slapd as a proxy in front of Active
Directory with back-ldap

The request is something similar to
'(memberOf:1.2.840.113556.1.4.1941:=cn=gp1,o=Root)'
It works if I use it directly on AD.

Unfortunately, the request is ignored by slapd and not forwarded, I receive a
"success" but the result is empty.

The request is forwarded if I use something like this:
'(memberOf=cn=gp1,o=Root)'

Could it be possible to forward the request to the backend? slapd doesn't need
to understand the meaning of the OID.


slapd with matching rule:
[2022-09-28 11:07:39] begin get_filter
[2022-09-28 11:07:39] EXTENSIBLE
[2022-09-28 11:07:39] daemon: activity on 1 descriptor
[2022-09-28 11:07:39] end get_filter 0
[2022-09-28 11:07:39]     filter: (?=undefined)
[2022-09-28 11:07:39]     attrs: dn
[2022-09-28 11:07:39] conn=1000 op=1 SRCH base="o=root" scope=2 deref=0
filter="(?=undefined)"


slapd without matching rule:
[2022-09-28 11:07:47] begin get_filter
[2022-09-28 11:07:47] EQUALITY
[2022-09-28 11:07:47] get_ava: unknown attributeType memberOf
[2022-09-28 11:07:47] 
[2022-09-28 11:07:47] end get_filter 0
[2022-09-28 11:07:47] daemon: epoll: listen=7 active_threads=0 tvp=NULL
[2022-09-28 11:07:47] daemon: epoll: listen=8 active_threads=0 tvp=NULL
[2022-09-28 11:07:47]     filter: (?memberOf=cn=gp1,o=Root)
[2022-09-28 11:07:47]     attrs: dn
[2022-09-28 11:07:47] conn=1001 op=1 SRCH base="o=root" scope=2 deref=0
filter="(?memberOf=cn=gp1,o=Root)"


searchrequest dump:
0000   30 56 02 01 02 63 51 04 06 6f 3d 72 6f 6f 74 0a   0V...cQ..o=root.
0010   01 02 0a 01 00 02 01 00 02 01 00 01 01 00 a9 32   ...............2
0020   81 17 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 36   ..1.2.840.113556
0030   2e 31 2e 34 2e 31 39 34 31 82 08 6d 65 6d 62 65   .1.4.1941..membe
0040   72 4f 66 83 0d 63 6e 3d 67 70 31 2c 6f 3d 52 6f   rOf..cn=gp1,o=Ro
0050   6f 74 30 04 04 02 64 6e                           ot0...dn

-- 
You are receiving this mail because:
You are on the CC list for the issue.

Reply via email to