https://bugs.openldap.org/show_bug.cgi?id=10280
Issue ID: 10280 Summary: Combining positive & negated filters doesn't work with dynlist Product: OpenLDAP Version: 2.5.18 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs@openldap.org Reporter: code@pipoprods.org Target Milestone: ---
The directory contains 3 users & 2 groups. user1 is in group1, user2 is in group2, user3 isn't is any group.
Filter [1] matches users that are either: - member of group1 - member of group2 ✅ It returns user1 & user2
Filter [2] matches user that are: - not member of group1 nor group2 ✅ It returns user3
Filter [3] should match users that are either: - member of group1 - member of group2 - not member of group1 nor group2 ❌ It should return the 3 users but only returns users matched by the first part of the filter (whatever the first part, if we swap both parts we get the complementary search results)
Filter [1]: (|(memberOf=cn=group1,ou=example-groups,dc=example,dc=com)(memberOf=cn=group2,ou=example-groups,dc=example,dc=com))
Filter [2]: (!(|(memberOf=cn=group1,ou=example-groups,dc=example,dc=com)(memberOf=cn=group2,ou=example-groups,dc=example,dc=com)))
Filter [3]: (|(memberOf=cn=group1,ou=example-groups,dc=example,dc=com)(memberOf=cn=group2,ou=example-groups,dc=example,dc=com)(!(|(memberOf=cn=group1,ou=example-groups,dc=example,dc=com)(memberOf=cn=group2,ou=example-groups,dc=example,dc=com))))
Here's my dynlist config:
``` dn: olcOverlay={2}dynlist,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcDynListConfig olcOverlay: {2}dynlist olcDynListAttrSet: {0}groupOfURLs memberURL member+memberOf@groupOfNames structuralObjectClass: olcDynListConfig entryUUID: 7df8328a-fd72-103e-82df-6fed25d5f6c8 creatorsName: cn=config createTimestamp: 20240902122741Z entryCSN: 20240902122741.257759Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20240902122741Z ```
Here's a LDIF to initialise directory contents:
``` dn: ou=example-groups,dc=example,dc=com changetype: add objectClass: organizationalUnit ou: example-groups
dn: ou=example-users,dc=example,dc=com changetype: add objectClass: organizationalUnit ou: example-users
dn: uid=user1,ou=example-users,dc=example,dc=com changetype: add objectClass: inetOrgPerson cn: User sn: One uid: user1
dn: uid=user2,ou=example-users,dc=example,dc=com changetype: add objectClass: inetOrgPerson cn: User sn: Two uid: user2
dn: uid=user3,ou=example-users,dc=example,dc=com changetype: add objectClass: inetOrgPerson cn: User sn: Three uid: user3
dn: cn=group1,ou=example-groups,dc=example,dc=com changetype: add objectClass: groupOfNames cn: group1 member: uid=user1,ou=example-users,dc=example,dc=com
dn: cn=group2,ou=example-groups,dc=example,dc=com changetype: add objectClass: groupOfNames cn: group2 member: uid=user2,ou=example-users,dc=example,dc=com ```
https://bugs.openldap.org/show_bug.cgi?id=10280
Howard Chu hyc@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@openldap.org |hyc@openldap.org
-
openldap-its@openldap.org