On Aug 2, 2007, at 11:01 PM, ando@sys-net.it wrote:

Full_Name: Pierangelo Masarati Version: HEAD/re23 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.72.89.40)

I've noticed an issue related to operating on certificates with/ without ;binary, as detailed in the table below

slapadd filter requested attrs

         |   ;binary    |  no ;binary  |   ;binary    |   

no ;binary -------------+--------------+--------------+-------------- +--------------- ;binary | results | results | returned | returned -------------+--------------+--------------+-------------- +--------------- no ;binary | no results | results | not returned | returned

So it seems that if data is loaded with ;binary then search operations work regardless of having specified ;binary in search filters or in requested attributes, while if data is loaded without, then search operations only work if ;binary is omitted. RFC 4523 states that ;binary MUST be used when transferring certificates, so perhaps slapd should be either liberal enough to allow any combination, or strict enough to prevent those data types from working without ;binary.

The bug is in allowing a certificate to be loaded without ;binary.

-- Kurt