Bug 15515 - Regression in LDAP_MATCHING_RULE_IN_CHAIN after CVE-2023-0614 fix
Summary: Regression in LDAP_MATCHING_RULE_IN_CHAIN after CVE-2023-0614 fix
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.18.5
Hardware: All All
: P5 regression (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on:
Reported: 2023-11-10 15:49 UTC by Jonathan Hunter
Modified: 2023-11-10 15:52 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Jonathan Hunter 2023-11-10 15:49:19 UTC
After commit 0776ce5caedf18aa8cc1d1dddb1a425f3d0c926c (bug 15270), one of my production LDAP queries using LDAP_MATCHING_RULE_IN_CHAIN has stopped working.

The same query using ldbsearch against sam.ldb works OK, but when the search is carried out using LDAP (either with ldbsearch or ldapsearch) it returns no results.

Example search that now returns nothing after my DC upgrades; this
exact search used to work just fine:

But if I remove the matching rule specifier, it does return a number of results: