Full_Name: Alex Moneger Version: 2.4.35 OS: centos 6.3 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (64.103.25.102)

Hi,

When trying to define a template which query contains a '!', slapd complains about a syntax issue in the config file and refuses to start. This is because there seems to be a missing check for '!' in template_attrs() in pcache.c, so '!' char is passed to slap_bv2ad() which correctly errors out. i.e:

May 27 20:53:53 centos63 slapd[44623]: line 71 (pcacheTemplate (&(gidNumber=)(objectClass=)(cn=*)(&(gidNumber=*)(!(gidNumber=)))) 0 3600) May 27 20:53:53 centos63 slapd[44623]: /etc/openldap/pcache.conf: line 71: unable to parse template: AttributeDescription contains inappropriate characters.

I believe the use of "not" should be allowed in cacheable templates, since they appear to be a valid search filter definition as per RFC 2254.

The fix is very easy. I cannot upload the diff to the ftp server, since it errors with space related errors when uploading the file.

Content of the diff: --- openldap-2.4.35/servers/slapd/overlays/pcache.c 2013-03-28 15:41:51.000000000 +0000 +++ openldap-2.4.35/servers/slapd/overlays/pcache.c0 2013-05-27 21:27:20.847919253 +0100 @@ -523,7 +523,7 @@ allop = an_find( attrs, slap_bv_all_operational_attrs );

for (;;) { - while ( *p1 == '(' || *p1 == '&' || *p1 == '|' || *p1 == ')' ) p1++; + while ( *p1 == '(' || *p1 == '&' || *p1 == '|' || *p1 == ')' || *p1 == '!') p1++; p2 = strchr( p1, '=' ); if ( !p2 ) break;

It can be applied this way if you consider this of any use: cd "${HOME}"/openldap-2.4.35 patch -p0 --verbose < ~/pcache.p0

Cheers, Alex