hyc@symas.com wrote:

I don't think ldap_munge_filter() is adequate any more. Note that filter2bv doesn't use (?=undefined) for unknown attributeTypes or illegal values any more, it uses (?<attr>=<value>). This change was made to allow the log messages to show what the actual offending values were. A better strategy here may be to walk the Filter tree and look for (f->f_choice&SLAPD_FILTER_UNDEFINED) before making the search request, so that no retries are needed.

That's what the new patch does, for example, for back-meta. However, we still need somehow to "unparse" the filter to allow those substitutions the proxy must honor, like "(?=true)", "(?=false)".

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: ando@sys-net.it -----------------------------------