https://bugs.openldap.org/show_bug.cgi?id=10131
Issue ID: 10131 Summary: wildcard search crash slapd with OU containing parenthesis Product: OpenLDAP Version: 2.5.16 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: bourguijl@gmail.com Target Milestone: ---
Dears,
When I do following ldapsearch as following :
ldapsearch -x -H ldap://hostname:3891 -b "o=mobistar.be" -s subtree "(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=jlb,ou=*,o=mobistar.be))" cn dn
and the DB is containing these entries :
dn: uid=jlb,ou=Test (aa),ou=Partners,o=mobistar.be dn: ou=Test (aa),ou=Partners,o=mobistar.be
even if this "uid=jlb" isn't member of a group as uniqueMember, it makes slapd crashing.
I did test it on versions 2.5.7 & 2.5.16, same result --> slapd crashed.
Seems to be related to parenthesis presence in OU attribut.
Is it a bug ?
Thx, Jean-Luc.
https://bugs.openldap.org/show_bug.cgi?id=10131
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | Target Milestone|--- |2.5.17 Assignee|bugs@openldap.org |hyc@openldap.org
https://bugs.openldap.org/show_bug.cgi?id=10131
--- Comment #1 from Jean-Luc bourguijl@gmail.com --- Dears,
I did same test against version 2.6.6 and it's the same behaviour :-( slapd crashed !!
Can you handle it asap because it's a potential break down for all our ldap instances including our PROD ones.
Thx, Jean-Luc.
https://bugs.openldap.org/show_bug.cgi?id=10131
--- Comment #2 from Quanah Gibson-Mount quanah@openldap.org --- Hi, are these static groups or are you using dynlist for them?
https://bugs.openldap.org/show_bug.cgi?id=10131
--- Comment #3 from Howard Chu hyc@openldap.org --- Note that the syntax for uniqueMember doesn't support substrings, so the filter you provided is invalid. Testing with the scant information you provided shows no crash here. You'll need to provide more info, like a complete configuration sufficient to reproduce the crash.
https://bugs.openldap.org/show_bug.cgi?id=10131
Jean-Luc bourguijl@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED
--- Comment #4 from Jean-Luc bourguijl@gmail.com --- Dears,
This issue was caused by one of our overlay used to manage "uniquemember" attribut in which parentesis were not correctly managed and then send an erroneous filter to the ldapsearch then crashes tje slapd process. I've updated the code to avoid this issue which was unknown until some special ldapsearch on uniquement were done last month.
Thx for help and sorry for disturbance.
Jean-Luc.
https://bugs.openldap.org/show_bug.cgi?id=10131
Howard Chu hyc@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |INVALID
--- Comment #5 from Howard Chu hyc@openldap.org --- No OpenLDAP bug.
https://bugs.openldap.org/show_bug.cgi?id=10131
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|hyc@openldap.org |bugs@openldap.org Status|RESOLVED |VERIFIED Target Milestone|2.5.17 |---
-
openldap-its@openldap.org