Full_Name: Pierangelo Masarati Version: HEAD/re23 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.72.89.40)
I've noticed an issue related to operating on certificates with/without ;binary, as detailed in the table below
slapadd filter requested attrs
| ;binary | no ;binary | ;binary | no ;binary -------------+--------------+--------------+--------------+--------------- ;binary | results | results | returned | returned -------------+--------------+--------------+--------------+--------------- no ;binary | no results | results | not returned | returned
So it seems that if data is loaded with ;binary then search operations work regardless of having specified ;binary in search filters or in requested attributes, while if data is loaded without, then search operations only work if ;binary is omitted. RFC 4523 states that ;binary MUST be used when transferring certificates, so perhaps slapd should be either liberal enough to allow any combination, or strict enough to prevent those data types from working without ;binary.
p.