Full_Name: Maria Blagoeva Version: openldap-2.4.31/debian/build/servers/slapd OS: docker image with 3.10.0-327.28.2.el7.x86_64 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (194.88.228.86)
It seems that openldap as of 2.4.31 is not RFC complaint (https://www.ietf.org/rfc/rfc2891.txt) due to failure in response when ordering match rule is empty while doing server side sorting. Example below:
empty ordering rule:
ldapsearch -E sss=cn '(cn=ccc*)' cn' (&(objectClass=inetOrgPerson)(cn=ccc*))' -H ldap://IP:389 -b "ou=Users,dc=openstack,dc=org" -D "cn=aaa1, ou=Users,dc=openstack,dc=org" -x -W # extended LDIF # # LDAPv3 # base <ou=Users,dc=openstack,dc=org> with scope subtree # filter: (cn=ccc*) # requesting: cn (&(objectClass=inetOrgPerson)(cn=ccc*)) # with server side sorting control #
# search result search: 2 result: 18 Inappropriate matching text: serverSort control: No ordering rule
# numResponses: 1
caseIgnoreOrderingMatch ordering rule:
ldapsearch -E sss=cn:caseIgnoreOrderingMatch '(cn=ccc*)' cn' (&(objectClass=inetOrgPerson)(cn=ccc*))' -H ldap://IP:389 -b "ou=Users,dc=openstack,dc=org" -D "c3D3Daaa1, ou=Users,dc=openstack,dc=org" -x -W # extended LDIF # # LDAPv3 # base <ou=Users,dc=openstack,dc=org> with scope subtree # filter: (cn=ccc*) # requesting: cn (&(objectClass=inetOrgPerson)(cn=ccc*)) # with server side sorting control #
# ccc0, Users, openstack.org dn: cn=ccc0,ou=Users,dc=openstack,dc=org # search result search: 2 result: 0 Success control: 1.2.840.113556.1.4.474 false MAMKAQA= sortResult: (0) Success
however the RFC states that the orderingRule is OPTIONAL as below:
SortKeyList ::= SEQUENCE OF SEQUENCE { attributeType AttributeDescription, orderingRule [0] MatchingRuleId OPTIONAL, reverseOrder [1] BOOLEAN DEFAULT FALSE }
however openldap fails to return entries.