Hi all! To avoid slapd's core dump when using component match filters (see ITS#6556), I removed line 556 of file "servers/slapd/filter.c":
case LDAP_FILTER_EXT:
//mra_free( op, f->f_mra, 1 );
break;
Now component match filter search requests are answered by slapd but don't work correctly. In fact, nothing is found! For example, the request
/home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b o=CustomerCA,c=de -s sub "(userCertificate:componentFilterMatch:=item:{ component "toBeSigned.serialNumber", rule allComponentsMatch, value 449 })" sncertnr
is answered with
# extended LDIF
#
# LDAPv3
# base <o=CustomerCA,c=de> with scope subtree
# filter: (userCertificate:componentFilterMatch:=item:{ component "toBeSigned.serialNumber", rule allComponentsMatch, value 449 })
# requesting: sncertnr
#
# search result
search: 2
result: 0 Success
# numResponses: 1
But in the database of slapd there are several certificates with serialNumber 449:
lehnert.hartmut@sn-ocspr4:/opt/lehnert/Openldap-Support$ ./dumpasn1 449.cer
0 30 702: SEQUENCE {
4 30 551: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 2: INTEGER 449
17 30 13: SEQUENCE {
19 06 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
30 05 0: NULL
: }
32 30 111: SEQUENCE {
34 31 11: SET {
36 30 9: SEQUENCE {
38 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
43 13 2: PrintableString 'DE'
: }
: }
47 31 12: SET {
On slapd's side the debug message
bdb_search: <integer> does not match filter
is written out for every record.
What's going wrong here?
Regards,
Hartmut
openldap-technical@openldap.org
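
Added example (not part of the original post and not OpenLDAP code): a small DER walker that follows the component path toBeSigned.serialNumber the way the dumpasn1 listing above shows it, so the set of entries that should match "value 449" can be checked independently of slapd. The function names and the SAMPLE bytes are hypothetical; SAMPLE is constructed from the first fields of the listing only.

```python
# Added example, not OpenLDAP code. All names here are hypothetical.

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one octet
        length = first
    else:                                 # long form: low 7 bits count the length octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, pos, pos + length


def cert_serial_number(der):
    """Follow the component path toBeSigned.serialNumber and return the INTEGER."""
    tag, start, _ = read_tlv(der, 0)              # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, start, _ = read_tlv(der, start)          # toBeSigned ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("toBeSigned is not a SEQUENCE")
    tag, c_start, c_end = read_tlv(der, start)    # first field of toBeSigned
    if tag == 0xA0:                               # optional [0] version: skip it
        tag, c_start, c_end = read_tlv(der, c_end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[c_start:c_end], "big", signed=True)


def matches_serial(der, value):
    """What (toBeSigned.serialNumber = value) should evaluate to for this entry."""
    return cert_serial_number(der) == value


# Constructed sample: only the leading fields seen in the dumpasn1 listing
# ([0] { INTEGER 2 }, INTEGER 449), with lengths shrunk to fit the fragment.
SAMPLE = bytes.fromhex("300b3009a003020102020201c1")

if __name__ == "__main__":
    print(cert_serial_number(SAMPLE), matches_serial(SAMPLE, 449))
```

Run against the raw bytes of a DER-encoded certificate file, cert_serial_number() returns the value that the filter's "value" field has to equal for that entry to match.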