Full_Name: Pierangelo Masarati
Version: HEAD/re23
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)

I've noticed an issue related to operating on certificates with/without ;binary, as detailed in the table below:

slapadd      |           filter            |       requested attrs
             | ;binary      | no ;binary   | ;binary      | no ;binary
-------------+--------------+--------------+--------------+---------------
;binary      | results      | results      | returned     | returned
-------------+--------------+--------------+--------------+---------------
no ;binary   | no results   | results      | not returned | returned

So it seems that if data is loaded with ;binary then search operations work regardless of having specified ;binary in search filters or in requested attributes, while if data is loaded without, then search operations only work if ;binary is omitted. RFC 4523 states that ;binary MUST be used when transferring certificates, so perhaps slapd should be either liberal enough to allow any combination, or strict enough to prevent those data types from working without ;binary.

The bug is in allowing a certificate to be loaded without ;binary.
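
Added example (not part of the original report and not OpenLDAP code): a pre-load check that scans LDIF for the attribute types RFC 4523 requires to be transferred with ;binary and reports any value written without it, so such entries can be fixed before slapadd. The sample LDIF is constructed and its base64 values are placeholders; the function names are illustrative.

```python
# Attribute types that RFC 4523 requires to be transferred with ;binary.
RFC4523_BINARY_ATTRS = {
    "usercertificate", "cacertificate", "crosscertificatepair", "supportedalgorithms",
    "certificaterevocationlist", "authorityrevocationlist", "deltarevocationlist",
}

# Constructed sample input; the base64 values are placeholders, not certificates.
SAMPLE_LDIF = """\
dn: cn=alice,dc=example,dc=com
userCertificate;binary:: Q09OU1RSVUNURUQ=

dn: cn=bob,dc=example,dc=com
userCertificate:: Q09OU1RS
 VUNURUQ=

dn: cn=ca,dc=example,dc=com
CACERTIFICATE:: Q09OU1RSVUNURUQ=
"""

def unfold(ldif_text):
    """Yield (line_number, logical_line) with LDIF continuation lines joined."""
    current, start = None, 0
    for n, raw in enumerate(ldif_text.splitlines(), 1):
        if raw.startswith(" ") and current is not None:
            current += raw[1:]          # a leading space continues the previous line
            continue
        if current is not None:
            yield start, current
        current, start = raw, n
    if current is not None:
        yield start, current

def missing_binary(ldif_text):
    """Return (line, dn, attribute description) for each value lacking ;binary."""
    findings, dn = [], None
    for n, line in unfold(ldif_text):
        if not line.strip():
            dn = None                   # blank line ends the entry
        desc, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        base, *options = desc.strip().lower().split(";")  # names and options are case-insensitive
        if base == "dn":
            dn = value.lstrip(": ").strip()
        elif base in RFC4523_BINARY_ATTRS and "binary" not in options:
            findings.append((n, dn, desc.strip()))
    return findings

for line_no, entry_dn, attr in missing_binary(SAMPLE_LDIF):
    print(f"line {line_no}: {entry_dn}: {attr} lacks ;binary")
```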