Full_Name: Maria Blagoeva
Version: openldap-2.4.31/debian/build/servers/slapd
OS: docker image with 3.10.0-327.28.2.el7.x86_64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.88.228.86)

It seems that OpenLDAP as of 2.4.31 is not RFC compliant (https://www.ietf.org/rfc/rfc2891.txt) due to a failure in the response when the ordering match rule is empty while doing server side sorting. Example below:

empty ordering rule:

ldapsearch -E sss=cn '(cn=ccc*)' cn '(&(objectClass=inetOrgPerson)(cn=ccc*))' -H ldap://IP:389 -b "ou=Users,dc=openstack,dc=org" -D "cn=aaa1, ou=Users,dc=openstack,dc=org" -x -W

# extended LDIF
#
# LDAPv3
# base <ou=Users,dc=openstack,dc=org> with scope subtree
# filter: (cn=ccc*)
# requesting: cn (&(objectClass=inetOrgPerson)(cn=ccc*))
# with server side sorting control
#
# search result
search: 2
result: 18 Inappropriate matching
text: serverSort control: No ordering rule
# numResponses: 1

caseIgnoreOrderingMatch ordering rule:

ldapsearch -E sss=cn:caseIgnoreOrderingMatch '(cn=ccc*)' cn '(&(objectClass=inetOrgPerson)(cn=ccc*))' -H ldap://IP:389 -b "ou=Users,dc=openstack,dc=org" -D "cn=aaa1, ou=Users,dc=openstack,dc=org" -x -W

# extended LDIF
#
# LDAPv3
# base <ou=Users,dc=openstack,dc=org> with scope subtree
# filter: (cn=ccc*)
# requesting: cn (&(objectClass=inetOrgPerson)(cn=ccc*))
# with server side sorting control
#
# ccc0, Users, openstack.org
dn: cn=ccc0,ou=Users,dc=openstack,dc=org
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.474 false MAMKAQA=
sortResult: (0) Success

However, the RFC states that the orderingRule is OPTIONAL, as below:

SortKeyList ::= SEQUENCE OF SEQUENCE {
    attributeType   AttributeDescription,
    orderingRule    [0] MatchingRuleId OPTIONAL,
    reverseOrder    [1] BOOLEAN DEFAULT FALSE }

However, OpenLDAP fails to return entries.