Kurt Zeilenga wrote:
On Dec 27, 2007, at 10:26 AM, Philip Guenther wrote:
Umm, no. That filter matches the grammar in RFC 4515.
Note that there is no way one can represent an empty initial or empty
final substrings. That's because empty substrings are nonsense. The
filter (cn=**) is invalid as it represents an empty initial, an empty
any, and an empty final. slapd(8) correctly errors on receipt of any
empty substring.
One can argue that the LDAP ASN.1 and the LDAP filter ABNF should have
size constraints on substring values. I consider it a minor bug in
specification which should be fixed.
Size constraints would also fix this stupid wart in the grammar:
Note that although both the <substring> and <present> productions in
the grammar above can produce the "attr=*" construct, this construct
is used only to denote a presence filter.
IMO, the bug is in ldapsearch(1). It should reject a filter with
empty substrings.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
