rpms/389-ds-base
1
0
Fork 0
mirror of https://git.centos.org/rpms/389-ds-base.git synced 2025-02-23 16:22:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

import 389-ds-base-1.3.8.4-18.el7_6

Browse source
This commit is contained in:
CentOS Sources 2018-11-26 10:29:58 -05:00
parent edc5f25778
commit bc0d6c0898
4 changed files with 609 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

266
SOURCES/0010-Ticket-49968-Confusing-CRITICAL-message-list_candida.patch Normal file
View file

@ -0,0 +1,266 @@
From 3796e26e93991ded631ac57053049e9aad44c53b Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Wed, 10 Oct 2018 15:35:12 +0200
Subject: [PATCH] Ticket 49968 - Confusing CRITICAL message: list_candidates -
NULL idl was recieved from filter_candidates_ext
Bug Description:
When a filter component is indexed but returns an empty IDL
an alarming message is logged although it is normal.
Fix Description:
Remove the alarming message
https://pagure.io/389-ds-base/issue/49968
Reviewed by: Mark Reynolds
Platforms tested: F27 + testcase
Flag Day: no
Doc impact: no
---
dirsrvtests/tests/suites/basic/basic_test.py | 202 +++++++++++++++++++
ldap/servers/slapd/back-ldbm/filterindex.c | 10 +-
2 files changed, 204 insertions(+), 8 deletions(-)
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
index 45988dc7a..dc366cd67 100644
--- a/dirsrvtests/tests/suites/basic/basic_test.py
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
@@ -868,6 +868,208 @@ adds nsslapd-return-default-opattr attr with value of one operation attribute.
log.fatal('Search failed, error: ' + e.message['desc'])
assert False
+
+@pytest.fixture(scope="module")
+def create_users(topology_st):
+ """Add users to the default suffix
+ """
+
+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
+ user_names = ["Directory", "Server", "389", "lib389", "pytest"]
+
+ log.info('Adding 5 test users')
+ for name in user_names:
+ user = users.create(properties={
+ 'uid': name,
+ 'sn': name,
+ 'cn': name,
+ 'uidNumber': '1000',
+ 'gidNumber': '1000',
+ 'homeDirectory': '/home/%s' % name,
+ 'mail': '%s@example.com' % name,
+ 'userpassword': 'pass%s' % name,
+ })
+
+
+def test_basic_anonymous_search(topology_st, create_users):
+ """Tests basic anonymous search operations
+
+ :id: c7831e04-f458-4e50-83c7-b6f77109f639
+ :setup: Standalone instance
+ Add 5 test users with different user names
+ :steps:
+ 1. Execute anonymous search with different filters
+ :expectedresults:
+ 1. Search should be successful
+ """
+
+ filters = ["uid=Directory", "(|(uid=S*)(uid=3*))", "(&(uid=l*)(mail=l*))", "(&(!(uid=D*))(ou=People))"]
+ log.info("Execute anonymous search with different filters")
+ for filtr in filters:
+ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, filtr)
+ assert len(entries) != 0
+
+
+@pytest.mark.ds604
+@pytest.mark.bz915801
+def test_search_original_type(topology_st, create_users):
+ """Test ldapsearch returning original attributes
+ using nsslapd-search-return-original-type-switch
+
+ :id: d7831d04-f558-4e50-93c7-b6f77109f640
+ :setup: Standalone instance
+ Add some test entries
+ :steps:
+ 1. Set nsslapd-search-return-original-type-switch to ON
+ 2. Check that ldapsearch *does* return unknown attributes
+ 3. Turn off nsslapd-search-return-original-type-switch
+ 4. Check that ldapsearch doesn't return any unknown attributes
+ :expectedresults:
+ 1. nsslapd-search-return-original-type-switch should be set to ON
+ 2. ldapsearch should return unknown attributes
+ 3. nsslapd-search-return-original-type-switch should be OFF
+ 4. ldapsearch should not return any unknown attributes
+ """
+
+ log.info("Set nsslapd-search-return-original-type-switch to ON")
+ topology_st.standalone.config.set('nsslapd-search-return-original-type-switch', 'on')
+
+ log.info("Check that ldapsearch *does* return unknown attributes")
+ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'uid=Directory',
+ ['objectclass overflow', 'unknown'])
+ assert "objectclass overflow" in entries[0].getAttrs()
+
+ log.info("Set nsslapd-search-return-original-type-switch to Off")
+ topology_st.standalone.config.set('nsslapd-search-return-original-type-switch', 'off')
+ log.info("Check that ldapsearch *does not* return unknown attributes")
+ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'uid=Directory',
+ ['objectclass overflow', 'unknown'])
+ assert "objectclass overflow" not in entries[0].getAttrs()
+
+
+@pytest.mark.bz192901
+def test_search_ou(topology_st):
+ """Test that DS should not return an entry that does not match the filter
+
+ :id: d7831d05-f117-4e89-93c7-b6f77109f640
+ :setup: Standalone instance
+ :steps:
+ 1. Create an OU entry without sub entries
+ 2. Search from the OU with the filter that does not match the OU
+ :expectedresults:
+ 1. Creation of OU should be successful
+ 2. Search should not return any results
+ """
+
+ log.info("Create a test OU without sub entries")
+ ou = OrganizationalUnits(topology_st.standalone, DEFAULT_SUFFIX)
+ ou.create(properties={
+ 'ou': 'test_ou',
+ })
+
+ search_base = ("ou=test_ou,%s" % DEFAULT_SUFFIX)
+ log.info("Search from the OU with the filter that does not match the OU, it should not return anything")
+ entries = topology_st.standalone.search_s(search_base, ldap.SCOPE_SUBTREE, 'uid=*', ['dn'])
+ assert len(entries) == 0
+
+
+@pytest.mark.bz1044135
+@pytest.mark.ds47319
+def test_connection_buffer_size(topology_st):
+ """Test connection buffer size adjustable with different values(valid values and invalid)
+
+ :id: e7831d05-f117-4ec9-1203-b6f77109f117
+ :setup: Standalone instance
+ :steps:
+ 1. Set nsslapd-connection-buffer to some valid values (2, 0 , 1)
+ 2. Set nsslapd-connection-buffer to some invalid values (-1, a)
+ :expectedresults:
+ 1. This should pass
+ 2. This should fail
+ """
+
+ valid_values = ['2', '0', '1']
+ for value in valid_values:
+ topology_st.standalone.config.replace('nsslapd-connection-buffer', value)
+
+ invalid_values = ['-1', 'a']
+ for value in invalid_values:
+ with pytest.raises(ldap.OPERATIONS_ERROR):
+ topology_st.standalone.config.replace('nsslapd-connection-buffer', value)
+
+@pytest.mark.bz1637439
+def test_critical_msg_on_empty_range_idl(topology_st):
+ """Doing a range index lookup should not report a critical message even if IDL is empty
+
+ :id: a07a2222-0551-44a6-b113-401d23799364
+ :setup: Standalone instance
+ :steps:
+ 1. Create an index for internationalISDNNumber. (attribute chosen because it is
+ unlikely that previous tests used it)
+ 2. telephoneNumber being indexed by default create 20 users without telephoneNumber
+ 3. add a telephoneNumber value and delete it to trigger an empty index database
+ 4. Do a search that triggers a range lookup on empty telephoneNumber
+ 5. Check that the critical message is not logged in error logs
+ :expectedresults:
+ 1. This should pass
+ 2. This should pass
+ 3. This should pass
+ 4. This should pass on normal build but could abort a debug build
+ 4. This should pass
+ """
+ indexedAttr = 'internationalISDNNumber'
+
+ # Step 1
+ from lib389.index import Indexes
+
+ indexes = Indexes(topology_st.standalone)
+ indexes.create(properties={
+ 'cn': indexedAttr,
+ 'nsSystemIndex': 'false',
+ 'nsIndexType': 'eq'
+ })
+ topology_st.standalone.restart()
+
+ # Step 2
+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
+ log.info('Adding 20 users without "%s"' % indexedAttr)
+ for i in range(20):
+ name = 'user_%d' % i
+ last_user = users.create(properties={
+ 'uid': name,
+ 'sn': name,
+ 'cn': name,
+ 'uidNumber': '1000',
+ 'gidNumber': '1000',
+ 'homeDirectory': '/home/%s' % name,
+ 'mail': '%s@example.com' % name,
+ 'userpassword': 'pass%s' % name,
+ })
+
+ # Step 3
+ # required update to create the indexAttr (i.e. 'loginShell') database, and then make it empty
+ topology_st.standalone.modify_s(last_user.dn, [(ldap.MOD_ADD, indexedAttr, b'1234')])
+ ent = topology_st.standalone.getEntry(last_user.dn, ldap.SCOPE_BASE,)
+ assert ent
+ assert ent.hasAttr(indexedAttr)
+ topology_st.standalone.modify_s(last_user.dn, [(ldap.MOD_DELETE, indexedAttr, None)])
+ ent = topology_st.standalone.getEntry(last_user.dn, ldap.SCOPE_BASE,)
+ assert ent
+ assert not ent.hasAttr(indexedAttr)
+
+ # Step 4
+ # The first component being not indexed the range on second is evaluated
+ try:
+ ents = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(&(sudoNotAfter=*)(%s>=111))' % indexedAttr)
+ assert len(ents) == 0
+ except ldap.SERVER_DOWN:
+ log.error('Likely testing against a debug version that asserted')
+ pass
+
+ # Step 5
+ assert not topology_st.standalone.searchErrorsLog('CRIT - list_candidates - NULL idl was recieved from filter_candidates_ext.')
+
+
if __name__ == '__main__':
# Run isolated
# -s for DEBUG mode
diff --git a/ldap/servers/slapd/back-ldbm/filterindex.c b/ldap/servers/slapd/back-ldbm/filterindex.c
index 6d36ba33e..3ef04f884 100644
--- a/ldap/servers/slapd/back-ldbm/filterindex.c
+++ b/ldap/servers/slapd/back-ldbm/filterindex.c
@@ -803,16 +803,10 @@ list_candidates(
}
/*
- * Assert we recieved a valid idl. If it was NULL, it means somewhere we failed
- * during the dblayer interactions.
- *
- * idl_set requires a valid idl structure to generate the linked list of
- * idls that we insert.
+ * The IDL for that component is NULL, so no candidate retrieved from that component. This is all normal
+ * Just build a idl with an empty set
*/
if (tmp == NULL) {
- slapi_log_err(SLAPI_LOG_CRIT, "list_candidates", "NULL idl was recieved from filter_candidates_ext.");
- slapi_log_err(SLAPI_LOG_CRIT, "list_candidates", "Falling back to empty IDL set. This may affect your search results.");
- PR_ASSERT(tmp);
tmp = idl_alloc(0);
}
--
2.17.2

62
SOURCES/0011-Ticket-49967-entry-cache-corruption-after-failed-MOD.patch Normal file
View file

@ -0,0 +1,62 @@
From a7ee52bd4b0bce82402a581ee16659ebb2f8d96e Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Wed, 24 Oct 2018 15:31:25 +0200
Subject: [PATCH 1/2] Ticket 49967 - entry cache corruption after failed MODRDN
Bug Description:
During a MODRDN the DN cache is updated to replace
source DN with the target DN (modrdn_rename_entry_update_indexes)
If later a failure occurs (for example if BETXN_POSTOP fails) and
the txn is aborted, the target DN (for the specific entryID) remains
in the DN cache.
If the entry is returned in a search, to build the DN there is
a lookup of the DN cache with the entryID. It retrieves the target DN
rather than the source DN
Fix Description:
In case of failure of the operation, the entry (from the entryID)
need to be cleared from the DN cache
https://pagure.io/389-ds-base/issue/49967
Reviewed by: Mark Reynolds
Platforms tested: F27
Flag Day: no
Doc impact: no
(cherry picked from commit ab4af68ef49fcdc5f2f6d0c1f5c7b9a5333b1bee)
---
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index 71e2a8fe0..e2e9d1b46 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -1400,6 +1400,19 @@ common_return:
}
}
}
+
+ if (ec && retval) {
+ /* if the operation failed, the destination entry does not exist
+ * but it has been added in dncache during cache_add_tentative
+ * we need to remove it. Else a retrieval from ep_id can give the wrong DN
+ */
+ struct backdn *bdn = dncache_find_id(&inst->inst_dncache, ec->ep_id);
+ slapi_log_err(SLAPI_LOG_CACHE, "ldbm_back_modrdn",
+ "operation failed, the target entry is cleared from dncache (%s)\n", slapi_entry_get_dn(ec->ep_entry));
+ CACHE_REMOVE(&inst->inst_dncache, bdn);
+ CACHE_RETURN(&inst->inst_dncache, &bdn);
+ }
+
/* remove the new entry from the cache if the op failed -
otherwise, leave it in */
if (ec && inst) {
--
2.17.2

264
SOURCES/0012-Ticket-49958-extended-search-fail-to-match-entries.patch Normal file
View file

@ -0,0 +1,264 @@
From 02de69d6987b059459980b50de285c2fd7bb3e2c Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Mon, 24 Sep 2018 14:14:16 +0200
Subject: [PATCH] Ticket 49958: extended search fail to match entries
Bug Description:
During an extended search, a structure is created for each filter component.
The structure contains the keys generated from the assertion and using the given
matching rule indexer.
Later the keys will be compared (with the MR) with keys generated from the
attribute values of the candidate entries.
The bug is that parsing the assertion, instead of removing the heading spaces
the routine clear the assertion that is empty. So the generated keys is NULL.
Fix Description:
The fix consists to only remove heading spaces
https://pagure.io/389-ds-base/issue/49958
Reviewed by: Mark Reynolds
Platforms tested: F27
Flag Day: no
Doc impact: no
---
.../tests/suites/filter/filter_test.py | 203 ++++++++++++++++++
ldap/servers/plugins/collation/orfilter.c | 4 +-
2 files changed, 204 insertions(+), 3 deletions(-)
diff --git a/dirsrvtests/tests/suites/filter/filter_test.py b/dirsrvtests/tests/suites/filter/filter_test.py
index 280db68a3..61c449989 100644
--- a/dirsrvtests/tests/suites/filter/filter_test.py
+++ b/dirsrvtests/tests/suites/filter/filter_test.py
@@ -83,6 +83,209 @@ def test_filter_search_original_attrs(topology_st):
log.info('test_filter_search_original_attrs: PASSED')
+@pytest.mark.bz1511462
+def test_filter_scope_one(topology_st):
+ """Test ldapsearch with scope one gives only single entry
+
+ :id: cf5a6078-bbe6-4d43-ac71-553c45923f91
+ :setup: Standalone instance
+ :steps:
+ 1. Search cn=Directory Administrators,dc=example,dc=com using ldapsearch with
+ scope one using base as dc=example,dc=com
+ 2. Check that search should return only one entry
+ :expectedresults:
+ 1. This should pass
+ 2. This should pass
+ """
+
+ parent_dn="dn: dc=example,dc=com"
+ child_dn="dn: cn=Directory Administrators,dc=example,dc=com"
+
+ log.info('Search user using ldapsearch with scope one')
+ results = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_ONELEVEL,'cn=Directory Administrators',['cn'] )
+ log.info(results)
+
+ log.info('Search should only have one entry')
+ assert len(results) == 1
+
+@pytest.mark.ds47313
+def test_filter_with_attribute_subtype(topology_st):
+ """Adds 2 test entries and Search with
+ filters including subtype and !
+
+ :id: 0e69f5f2-6a0a-480e-8282-fbcc50231908
+ :setup: Standalone instance
+ :steps:
+ 1. Add 2 entries and create 3 filters
+ 2. Search for entry with filter: (&(cn=test_entry en only)(!(cn=test_entry fr)))
+ 3. Search for entry with filter: (&(cn=test_entry en only)(!(cn;fr=test_entry fr)))
+ 4. Search for entry with filter: (&(cn=test_entry en only)(!(cn;en=test_entry en)))
+ 5. Delete the added entries
+ :expectedresults:
+ 1. Operation should be successful
+ 2. Search should be successful
+ 3. Search should be successful
+ 4. Search should not be successful
+ 5. Delete the added entries
+ """
+
+ # bind as directory manager
+ topology_st.standalone.log.info("Bind as %s" % DN_DM)
+ topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
+
+ # enable filter error logging
+ # mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '32')]
+ # topology_st.standalone.modify_s(DN_CONFIG, mod)
+
+ topology_st.standalone.log.info("\n\n######################### ADD ######################\n")
+
+ # Prepare the entry with cn;fr & cn;en
+ entry_name_fr = '%s fr' % (ENTRY_NAME)
+ entry_name_en = '%s en' % (ENTRY_NAME)
+ entry_name_both = '%s both' % (ENTRY_NAME)
+ entry_dn_both = 'cn=%s, %s' % (entry_name_both, SUFFIX)
+ entry_both = Entry(entry_dn_both)
+ entry_both.setValues('objectclass', 'top', 'person')
+ entry_both.setValues('sn', entry_name_both)
+ entry_both.setValues('cn', entry_name_both)
+ entry_both.setValues('cn;fr', entry_name_fr)
+ entry_both.setValues('cn;en', entry_name_en)
+
+ # Prepare the entry with one member
+ entry_name_en_only = '%s en only' % (ENTRY_NAME)
+ entry_dn_en_only = 'cn=%s, %s' % (entry_name_en_only, SUFFIX)
+ entry_en_only = Entry(entry_dn_en_only)
+ entry_en_only.setValues('objectclass', 'top', 'person')
+ entry_en_only.setValues('sn', entry_name_en_only)
+ entry_en_only.setValues('cn', entry_name_en_only)
+ entry_en_only.setValues('cn;en', entry_name_en)
+
+ topology_st.standalone.log.info("Try to add Add %s: %r" % (entry_dn_both, entry_both))
+ topology_st.standalone.add_s(entry_both)
+
+ topology_st.standalone.log.info("Try to add Add %s: %r" % (entry_dn_en_only, entry_en_only))
+ topology_st.standalone.add_s(entry_en_only)
+
+ topology_st.standalone.log.info("\n\n######################### SEARCH ######################\n")
+
+ # filter: (&(cn=test_entry en only)(!(cn=test_entry fr)))
+ myfilter = '(&(sn=%s)(!(cn=%s)))' % (entry_name_en_only, entry_name_fr)
+ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
+ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
+ assert len(ents) == 1
+ assert ensure_str(ents[0].sn) == entry_name_en_only
+ topology_st.standalone.log.info("Found %s" % ents[0].dn)
+
+ # filter: (&(cn=test_entry en only)(!(cn;fr=test_entry fr)))
+ myfilter = '(&(sn=%s)(!(cn;fr=%s)))' % (entry_name_en_only, entry_name_fr)
+ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
+ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
+ assert len(ents) == 1
+ assert ensure_str(ents[0].sn) == entry_name_en_only
+ topology_st.standalone.log.info("Found %s" % ents[0].dn)
+
+ # filter: (&(cn=test_entry en only)(!(cn;en=test_entry en)))
+ myfilter = '(&(sn=%s)(!(cn;en=%s)))' % (entry_name_en_only, entry_name_en)
+ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
+ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
+ assert len(ents) == 0
+ topology_st.standalone.log.info("Found none")
+
+ topology_st.standalone.log.info("\n\n######################### DELETE ######################\n")
+
+ topology_st.standalone.log.info("Try to delete %s " % entry_dn_both)
+ topology_st.standalone.delete_s(entry_dn_both)
+
+ topology_st.standalone.log.info("Try to delete %s " % entry_dn_en_only)
+ topology_st.standalone.delete_s(entry_dn_en_only)
+
+ log.info('Testcase PASSED')
+
+
+@pytest.mark.bz1615155
+def test_extended_search(topology_st):
+ """Test we can search with equality extended matching rule
+
+ :id:
+ :setup: Standalone instance
+ :steps:
+ 1. Add a test user with 'sn: ext-test-entry'
+ 2. Search '(cn:de:=ext-test-entry)'
+ 3. Search '(sn:caseIgnoreIA5Match:=EXT-TEST-ENTRY)'
+ 4. Search '(sn:caseIgnoreMatch:=EXT-TEST-ENTRY)'
+ 5. Search '(sn:caseExactMatch:=EXT-TEST-ENTRY)'
+ 6. Search '(sn:caseExactMatch:=ext-test-entry)'
+ 7. Search '(sn:caseExactIA5Match:=EXT-TEST-ENTRY)'
+ 8. Search '(sn:caseExactIA5Match:=ext-test-entry)'
+ :expectedresults:
+ 1. This should pass
+ 2. This should return one entry
+ 3. This should return one entry
+ 4. This should return one entry
+ 5. This should return NO entry
+ 6. This should return one entry
+ 7. This should return NO entry
+ 8. This should return one entry
+ 3. return one entry
+ """
+ log.info('Running test_filter_escaped...')
+
+ ATTR_VAL = 'ext-test-entry'
+ USER1_DN = "uid=%s,%s" % (ATTR_VAL, DEFAULT_SUFFIX)
+
+ try:
+ topology_st.standalone.add_s(Entry((USER1_DN, {'objectclass': "top extensibleObject".split(),
+ 'sn': ATTR_VAL.encode(),
+ 'cn': ATTR_VAL.encode(),
+ 'uid': ATTR_VAL.encode()})))
+ except ldap.LDAPError as e:
+ log.fatal('test_extended_search: Failed to add test user ' + USER1_DN + ': error ' +
+ e.message['desc'])
+ assert False
+
+ # filter: '(cn:de:=ext-test-entry)'
+ myfilter = '(cn:de:=%s)' % ATTR_VAL
+ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
+ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
+ assert len(ents) == 1
+
+ # filter: '(sn:caseIgnoreIA5Match:=EXT-TEST-ENTRY)'
+ myfilter = '(cn:caseIgnoreIA5Match:=%s)' % ATTR_VAL.upper()
+ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
+ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
+ assert len(ents) == 1
+
+ # filter: '(sn:caseIgnoreMatch:=EXT-TEST-ENTRY)'
+ myfilter = '(cn:caseIgnoreMatch:=%s)' % ATTR_VAL.upper()
+ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
+ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
+ assert len(ents) == 1
+
+ # filter: '(sn:caseExactMatch:=EXT-TEST-ENTRY)'
+ myfilter = '(cn:caseExactMatch:=%s)' % ATTR_VAL.upper()
+ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
+ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
+ assert len(ents) == 0
+
+ # filter: '(sn:caseExactMatch:=ext-test-entry)'
+ myfilter = '(cn:caseExactMatch:=%s)' % ATTR_VAL
+ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
+ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
+ assert len(ents) == 1
+
+ # filter: '(sn:caseExactIA5Match:=EXT-TEST-ENTRY)'
+ myfilter = '(cn:caseExactIA5Match:=%s)' % ATTR_VAL.upper()
+ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
+ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
+ assert len(ents) == 0
+
+ # filter: '(sn:caseExactIA5Match:=ext-test-entry)'
+ myfilter = '(cn:caseExactIA5Match:=%s)' % ATTR_VAL
+ topology_st.standalone.log.info("Try to search with filter %s" % myfilter)
+ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter)
+ assert len(ents) == 1
+
+
if __name__ == '__main__':
# Run isolated
# -s for DEBUG mode
diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c
index 7705de9d6..c092d77ca 100644
--- a/ldap/servers/plugins/collation/orfilter.c
+++ b/ldap/servers/plugins/collation/orfilter.c
@@ -531,10 +531,8 @@ or_filter_create(Slapi_PBlock *pb)
default:
break;
}
- for (; len > 0 && *val != ' '; ++val, --len)
+ for (; len > 0 && *val == ' '; ++val, --len)
;
- if (len > 0)
- ++val, --len; /* skip the space */
bv.bv_len = len;
bv.bv_val = (len > 0) ? val : NULL;
} else { /* mrOID does not identify an ordering rule. */
--
2.17.2

20
SPECS/389-ds-base.spec
View file

@ -39,7 +39,7 @@
Summary: 389 Directory Server (%{variant})
Name: 389-ds-base
Version: 1.3.8.4
Release: %{?relprefix}15%{?prerel}%{?dist}
Release: %{?relprefix}18%{?prerel}%{?dist}
License: GPLv3+
URL: https://www.port389.org/
Group: System Environment/Daemons
@ -156,6 +156,9 @@ Patch06: 0006-Bug-1614820-Crash-in-vslapd_log_emergency_error.patch
Patch07: 0007-Ticket-49932-Crash-in-delete_passwdPolicy-when-persi.patch
Patch08: 0008-Bug-1624004-potential-denial-of-service-attack.patch
Patch09: 0009-Bug-1624004-fix-regression-in-empty-attribute-list.patch
Patch10: 0010-Ticket-49968-Confusing-CRITICAL-message-list_candida.patch
Patch11: 0011-Ticket-49967-entry-cache-corruption-after-failed-MOD.patch
Patch12: 0012-Ticket-49958-extended-search-fail-to-match-entries.patch
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
@ -309,8 +312,7 @@ output=/dev/null
output2=/dev/null
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
# reload to pick up any shared lib changes
/sbin/ldconfig
# find all instances
instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
@ -505,6 +507,18 @@ fi
%{_sysconfdir}/%{pkgname}/dirsrvtests
%changelog
* Mon Oct 29 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-18
- Bump version to 1.3.8.4-18
- Resolves: Bug 1638516 - CRIT - list_candidates - NULL idl was recieved from filter_candidates_ex
* Mon Oct 29 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-17
- Bump version to 1.3.8.4-17
- Resolves: Bug 1643875 - ns-slapd: crash in entrycache_add_int
* Tue Oct 16 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-16
- Bump version to 1.3.8.4-16
- Resolves: Bug 1638513 - Message: "CRIT - list_candidates - NULL idl was recieved from filter_candidates_ext." should not be critical
* Wed Sep 19 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.8.4-15
- Bump version to 1.3.8.4-15
- Resolves: Bug 1624004 - Fix regression in last patch