Re: ldap search vs ldapsearch

[Martijn van Duren]

On Mon, 2021-11-08 at 09:51 +0100, Martijn van Duren wrote:
> On Sat, 2021-11-06 at 03:11 -0400, Allan Streib wrote:
> > On OpenBSD 7.0-release, comparing the output of OpenLDAP's
> > ldapsearch(1) to ldap(1) search, the ldap(1) search output is
> > missing the last attribute of each directory entry.
> > 
> > e.g. from a directory I am working on at work:
> > 
> > $ ldapsearch -LLL -x -H ldapi://%2fvar%2frun%2fldapi -b 
> > dc=ise,dc=luddy,dc=indiana,dc=edu '(objectClass=organizationalUnit)'
> > dn: ou=people,dc=ise,dc=luddy,dc=indiana,dc=edu
> > objectClass: organizationalUnit
> > ou: people
> > description: ISE Systems Users
> > 
> > dn: ou=groups,dc=ise,dc=luddy,dc=indiana,dc=edu
> > objectClass: organizationalUnit
> > ou: groups
> > description: ISE Systems Groups
> > 
> > 
> > Note that these are missing the "description" attribute:
> > 
> > $ ldap search -H ldapi://%2fvar%2frun%2fldapi -b 
> > dc=ise,dc=luddy,dc=indiana,dc=edu '(objectClass=organizationalUnit)'
> > dn: ou=people,dc=ise,dc=luddy,dc=indiana,dc=edu
> > objectClass: organizationalUnit
> > ou: people
> > 
> > dn: ou=groups,dc=ise,dc=luddy,dc=indiana,dc=edu
> > objectClass: organizationalUnit
> > ou: groups
> > 
> > Allan
> > 
> Thanks for the detailed report.
> This edgecase got overlooked when moving to a stricter ASN.1 parsing for
> ober_scanf_elements, which resulted in a premature exit of the loop.
> Diff below should fix it.
> 
> This diff also applies to libexec/login_ldap and usr.sbin/ypldap.
> 
> OK?
> 
> martijn@

Almost forgot about this one.

Index: aldap.c
===================================================================
RCS file: /cvs/src/usr.bin/ldap/aldap.c,v
retrieving revision 1.9
diff -u -p -r1.9 aldap.c
--- aldap.c     24 Oct 2019 12:39:26 -0000      1.9
+++ aldap.c     8 Nov 2021 08:50:12 -0000
@@ -580,15 +580,15 @@ int
 aldap_first_attr(struct aldap_message *msg, char **outkey,
     struct aldap_stringset **outvalues)
 {
-       struct ber_element *b, *c;
+       struct ber_element *b;
        char *key;
        struct aldap_stringset *ret;
 
        if (msg->body.search.attrs == NULL)
                goto fail;
 
-       if (ober_scanf_elements(msg->body.search.attrs, "{s(e)}e",
-           &key, &b, &c) != 0)
+       if (ober_scanf_elements(msg->body.search.attrs, "{s(e)}",
+           &key, &b) != 0)
                goto fail;
 
        msg->body.search.iter = msg->body.search.attrs->be_next;
@@ -610,7 +610,7 @@ int
 aldap_next_attr(struct aldap_message *msg, char **outkey,
     struct aldap_stringset **outvalues)
 {
-       struct ber_element *a, *b;
+       struct ber_element *a;
        char *key;
        struct aldap_stringset *ret;
 
@@ -622,8 +622,7 @@ aldap_next_attr(struct aldap_message *ms
        if (ober_get_eoc(msg->body.search.iter) == 0)
                goto notfound;
 
-       if (ober_scanf_elements(msg->body.search.iter, "{s(e)}e", &key, &a, &b)
-           != 0)
+       if (ober_scanf_elements(msg->body.search.iter, "{s(e)}", &key, &a) != 0)
                goto fail;
 
        msg->body.search.iter = msg->body.search.iter->be_next;