alexoz66@gmail.com wrote:
Full_Name: John Alex. Version: 2.4.39 OS: FreeBSD 9.2 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (37.6.134.63)
Values of reqAttr in accesslog entries are not searchable the normal way if they contain at least an uppercase character.
Thanks for the report, fixed in git master
Even though the reqAttr attribute has a caseIgnoreMatch search rule, the only way to search for values containing uppercase characters is to explicitly use a caseExactMatch rule.
Consider this accesslog entry for example:
dn: reqStart=20140905054555.000001Z,cn=accesslog objectClass: auditSearch reqAttr: givenName reqAttrsOnly: FALSE reqAuthzID: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth reqDerefAliases: never reqDN: dc=example,dc=com reqEnd: 20140905054555.000002Z reqEntries: 9 reqFilter: (objectClass=*) reqResult: 0 reqScope: sub reqSession: 1268 reqSizeLimit: 500 reqStart: 20140905054555.000001Z reqTimeLimit: 3600 reqType: search
Searching with "(reqAttr=givenName)" will not return results, while using "(reqAttr:caseExactMatch:=givenName)" will return the above entry. Accesslog entries where values of reqAttr contain only lowercase characters are returned correctly with the "(reqAttr=givenName)" filter.
The same behavior can be observed with reqFilter (and probably other attributes as well but I didn't test).
This applies to entries added to the db by the accesslog overlay and not to entries otherwise inserted.