--On Wednesday, September 2, 2020 8:37 PM +0100 Howard Chu hyc@symas.com wrote:
The depth is the same, the values are different from the actual that we use. I cannot share the actual values without disclosing internal details.
There's not a lot we can do without being able to reproduce the issue and see what's going on.
You could try starting with a mostly empty DB, adding just the offending value, looking at the filter debug output for a lookup on that, and see if it looks sensible first.
is the attribute abc=foo actually unique, or are there multiple occurrences of it in the DB?
I would optionally note that Symas does provide support contracts for OpenLDAP and has NDAs if this is a mission critical problem for your company. As Howard notes, without a reproduction case, it's virtually impossible for us to help here.
One option may be to see if you can reproduce the same problem after renaming the attribute to something you can disclose, combined with values that are the same exact length but are simillarly obfuscated to see if you can reproduce the issue that way. If so, you should be able to share those details.
Looking at the open bugs, I wonder if it is https://bugs.openldap.org/show_bug.cgi?id=7743
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com