https://bugs.openldap.org/show_bug.cgi?id=9923
Issue ID: 9923 Summary: extensible match ignored Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: francois@rcdevs.com Target Milestone: ---
Hi,
I'm trying to use a matching rule with slapd as a proxy in front of Active Directory with back-ldap
The request is something similar to '(memberOf:1.2.840.113556.1.4.1941:=cn=gp1,o=Root)' It works if I use it directly on AD.
Unfortunately, the request is ignored by slapd and not forwarded, I receive a "success" but the result is empty.
The request is forwarded if I use something like this: '(memberOf=cn=gp1,o=Root)'
Could it be possible to forward the request to the backend? slapd doesn't need to understand the meaning of the OID.
slapd with matching rule: [2022-09-28 11:07:39] begin get_filter [2022-09-28 11:07:39] EXTENSIBLE [2022-09-28 11:07:39] daemon: activity on 1 descriptor [2022-09-28 11:07:39] end get_filter 0 [2022-09-28 11:07:39] filter: (?=undefined) [2022-09-28 11:07:39] attrs: dn [2022-09-28 11:07:39] conn=1000 op=1 SRCH base="o=root" scope=2 deref=0 filter="(?=undefined)"
slapd without matching rule: [2022-09-28 11:07:47] begin get_filter [2022-09-28 11:07:47] EQUALITY [2022-09-28 11:07:47] get_ava: unknown attributeType memberOf [2022-09-28 11:07:47] [2022-09-28 11:07:47] end get_filter 0 [2022-09-28 11:07:47] daemon: epoll: listen=7 active_threads=0 tvp=NULL [2022-09-28 11:07:47] daemon: epoll: listen=8 active_threads=0 tvp=NULL [2022-09-28 11:07:47] filter: (?memberOf=cn=gp1,o=Root) [2022-09-28 11:07:47] attrs: dn [2022-09-28 11:07:47] conn=1001 op=1 SRCH base="o=root" scope=2 deref=0 filter="(?memberOf=cn=gp1,o=Root)"
searchrequest dump: 0000 30 56 02 01 02 63 51 04 06 6f 3d 72 6f 6f 74 0a 0V...cQ..o=root. 0010 01 02 0a 01 00 02 01 00 02 01 00 01 01 00 a9 32 ...............2 0020 81 17 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 ..1.2.840.113556 0030 2e 31 2e 34 2e 31 39 34 31 82 08 6d 65 6d 62 65 .1.4.1941..membe 0040 72 4f 66 83 0d 63 6e 3d 67 70 31 2c 6f 3d 52 6f rOf..cn=gp1,o=Ro 0050 6f 74 30 04 04 02 64 6e ot0...dn
https://bugs.openldap.org/show_bug.cgi?id=9923
Howard Chu hyc@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED
--- Comment #1 from Howard Chu hyc@openldap.org --- There is no bug here. Use the openldap-technical mailing list for software usage questions.
https://bugs.openldap.org/show_bug.cgi?id=9923
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | Status|RESOLVED |VERIFIED