[Pkg-openldap-devel] Bug#782212: slapd: LDAP search with onelevel scope returns the search base node while it shouldn’t

Côme Bernigaud come.bernigaud at opensides.be
Thu Apr 9 11:25:39 UTC 2015 

Package: slapd
Version: 2.4.40-4
Severity: critical
Justification: breaks unrelated software

Dear Maintainer,

   * What led up to the situation?
Using FusionDirectory led to a PHP segfault, and investigating this led to an infinite loop caused by an incorrect LDAP answer.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?
ldapsearch -h localhost -D "cn=admin,dc=mcmic,dc=test" -w pwd -s one -b "ou=wheezy,ou=debian,ou=fai,ou=configs,ou=systems,dc=mcmic,dc=test" objectClass=FAIbranch

   * What was the outcome of this action?
# extended LDIF
#
# LDAPv3
# base <ou=wheezy,ou=debian,ou=fai,ou=configs,ou=systems,dc=mcmic,dc=test> with scope oneLevel
# filter: objectClass=FAIbranch
# requesting: ALL
#

# wheezy, debian, fai, configs, systems, mcmic.test
dn: ou=wheezy,ou=debian,ou=fai,ou=configs,ou=systems,dc=mcmic,dc=test
objectClass: organizationalUnit
objectClass: FAIbranch
ou: wheezy

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

   * What outcome did you expect instead?
Same answer than on wheezy, no results (The dn given by slapd under jessie is not in the scope oneLevel):
# extended LDIF
#
# LDAPv3
# base <ou=wheezy,ou=debian,ou=fai,ou=configs,ou=systems,dc=mcmic,dc=test> with scope oneLevel
# filter: objectClass=FAIbranch
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

-- System Information:
Debian Release: 8.0
Architecture: i386 (i686)

Kernel: Linux 3.14-1-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages slapd depends on:
ii  adduser                     3.113+nmu3
ii  coreutils                   8.23-4
ii  debconf [debconf-2.0]       1.5.56
ii  libc6                       2.19-17
ii  libdb5.3                    5.3.28-9
ii  libgnutls-deb0-28           3.3.8-6
ii  libldap-2.4-2               2.4.40-4
ii  libltdl7                    2.4.2-1.11
ii  libodbc1                    2.3.1-3
ii  libperl5.20                 5.20.2-3
ii  libsasl2-2                  2.1.26.dfsg1-13
ii  libslp1                     1.2.1-10
ii  libwrap0                    7.6.q-25
ii  lsb-base                    4.1+Debian13+nmu1
ii  multiarch-support           2.19-17
ii  perl [libmime-base64-perl]  5.20.2-3
ii  psmisc                      22.21-2

Versions of packages slapd recommends:
ii  libsasl2-modules  2.1.26.dfsg1-13

Versions of packages slapd suggests:
ii  ldap-utils                                                     2.4.40-4
pn  libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal  <none>

-- debconf information:
  slapd/internal/generated_adminpw: (password omitted)
  slapd/internal/adminpw: (password omitted)
* slapd/password1: (password omitted)
* slapd/password2: (password omitted)
* slapd/move_old_database: false
* shared/organization: mcmic
* slapd/no_configuration: false
  slapd/upgrade_slapcat_failure:
* slapd/backend: MDB
  slapd/invalid_config: true
  slapd/dump_database: when needed
* slapd/domain: mcmic.test
  slapd/password_mismatch:
  slapd/dump_database_destdir: /var/backups/slapd-VERSION
  slapd/unsafe_selfwrite_acl:
* slapd/purge_database: true
* slapd/allow_ldap_v2: false

More information about the Pkg-openldap-devel mailing list