Full_Name: Rici Lake Version: 2.3.21 OS: various URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (200.106.32.142)
In servers/slapd/back-meta/search.c the function ldap_back_dn_massage is called at line 394 (in HEAD) in the function meta_back_search_start. It then checks the return code using a switch statement, where the default branch is to accept the rewrite.
However, it is checking for return codes REWRITE_REGEXEC_{UNWILLING, ERR} while ldap_back_dn_massage is returning actual LDAP error codes (LDAP_UNWILLING_TO_PERFORM, LDAP_OTHER).
Consequently, the "@" action is not honoured, and neither is any other return code inserted with a "U" action.