On Aug 2, 2007, at 11:01 PM, ando@sys-net.it wrote:
Full_Name: Pierangelo Masarati Version: HEAD/re23 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.72.89.40)
I've noticed an issue related to operating on certificates with/ without ;binary, as detailed in the table below
slapadd filter requested attrs
| ;binary | no ;binary | ;binary |no ;binary -------------+--------------+--------------+-------------- +--------------- ;binary | results | results | returned | returned -------------+--------------+--------------+-------------- +--------------- no ;binary | no results | results | not returned | returned
So it seems that if data is loaded with ;binary then search operations work regardless of having specified ;binary in search filters or in requested attributes, while if data is loaded without, then search operations only work if ;binary is omitted. RFC 4523 states that ;binary MUST be used when transferring certificates, so perhaps slapd should be either liberal enough to allow any combination, or strict enough to prevent those data types from working without ;binary.
The bug is in allowing a certificate to be loaded without ;binary.
-- Kurt