389-ds-base

#47726 The administrative user (Directory Manager) user must override unindexed search filters

Closed: wontfix 3 years ago by spichugi. Opened 10 years ago by rmazgon.

If unindexed searches are activated:

[root@host rmazgon]# ldapsearch -LLL -x -D "cn=Directory Manager" -b cn=config -W -h ldap-server -b "cn=UserRoot,cn=ldbm database,cn=plugins,cn=config" -s base "(objectclass=*)" nsslapd-require-index
Enter LDAP Password:
dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
nsslapd-require-index: on

The Directory Manager must override any type of filter, but it does not it:

[root@host rmazgon]# ldapsearch -v -x -D "cn=Directory Manager" -b c=es -W -h ldap-server "(uid=)" dn
ldap_initialize( ldap://ldap-server )
Enter LDAP Password:
filter: (uid=)
requesting: dn

extended LDIF

LDAPv3

base <c=es> with scope subtree

filter: (uid=*)

requesting: dn

search result

search: 2
result: 53 Server is unwilling to perform
text: Search is not indexed

numResponses: 1

[root@host rmazgon]#

It can be shown at server access log:

...
[03/Mar/2014:13:25:08 +0000] conn=54137 fd=219 slot=219 connection from 10.140.141.70 to 10.141.197.211
[03/Mar/2014:13:25:08 +0000] conn=54137 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[03/Mar/2014:13:25:08 +0000] conn=54137 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[03/Mar/2014:13:25:08 +0000] conn=54137 op=1 SRCH base="c=es" scope=2 filter="(uid=*)" attrs="distinguishedName"
[03/Mar/2014:13:25:08 +0000] conn=54137 op=1 RESULT err=53 tag=101 nentries=0 etime=0 notes=A
[03/Mar/2014:13:25:08 +0000] conn=54137 op=2 UNBIND
[03/Mar/2014:13:25:08 +0000] conn=54137 op=2 fd=219 closed - U1

...

The administrative user (Directory Manager) user must override unindexed search filters.

My server version:
389-Directory/1.2.11.25 B2013.325.1951

RPMs from EPEL:
[root@server ~]# rpm -qa | grep -i 389
389-ds-1.2.2-1.el6.noarch
389-ds-console-doc-1.2.6-1.el6.noarch
389-ds-base-libs-1.2.11.25-1.el6.x86_64
389-admin-1.1.35-1.el6.x86_64
389-admin-console-doc-1.1.8-1.el6.noarch
389-admin-console-1.1.8-1.el6.noarch
389-dsgw-1.1.11-1.el6.x86_64
389-adminutil-1.1.19-1.el6.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-console-1.1.7-1.el6.noarch
389-ds-base-1.2.11.25-1.el6.x86_64

Metadata Update from @rmazgon:
- Issue set to the milestone: FUTURE

7 years ago

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to None
- Issue close_status updated to: None
- Issue set to the milestone: 1.4.4 (was: FUTURE)

4 years ago

spichugi commented 3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1060

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

1.4.4

reviewstatus

None

rhbz

None

origin

Community

389-ds-base

Source Code

#47726 The administrative user (Directory Manager) user must override unindexed search filters Closed: wontfix 3 years ago by spichugi. Opened 10 years ago by rmazgon.

extended LDIF

LDAPv3

base <c=es> with scope subtree

filter: (uid=*)

requesting: dn

search result

numResponses: 1

Metadata

#47726 The administrative user (Directory Manager) user must override unindexed search filters

Closed: wontfix 3 years ago by spichugi. Opened 10 years ago by rmazgon.