https://bugs.openldap.org/show_bug.cgi?id=9753
--- Comment #21 from Shawn McKinney smckinney@symas.com --- (In reply to Shawn McKinney from comment #20)
(In reply to Michael Ströder from comment #19)
--- Comment #18 from Shawn McKinney smckinney@symas.com --- I see that a pwdChangedTime search was broke, then worked after the patch. Can you provide specifics as to a test case to repeat this error?
It was the usual search for entries with passwords which will expire soon (password expiry warning period).
Example filter:
(&(pwdChangedTime>=20210609160107Z)(pwdChangedTime<=20210708160107Z))
The search did not return all the expected results.
This helps. More questions, what version? Also, can you supply an (ldif) example of an entry that fit the criteria but wasn't returned by the search?
Is the condition repeatable or intermittent? Can you recreate it?
Thanks
-- Shawn
Setup test env, running 2.5 before the patch. 64-bit indexing not enabled.
Inserted 100K users, then updated their passwords.
Running this search pulls back all 100K. At this point, don't know how to recreate this error.
``` [root@tx01 ~]# ldapsearch -x -LLL -H ldap://tx01 -D "dc=example,dc=com" -w -s sub -b 'dc=example,dc=com' "(&(pwdChangedTime>=20211206230000Z)(pwdChangedTime<=20211206231000Z))" numsubordinates | grep -w -c "dn:" 100000 ```
-- Shawn