https://bugzilla.redhat.com/show_bug.cgi?id=329751 https://bugzilla.redhat.com/attachment.cgi?id=457238&action=diff https://bugzilla.redhat.com/attachment.cgi?id=457238&action=edit Bug Description: If nsRoleFilter in nsRoleDefinition contains virtual attributes in the filter AND the attribute type is not indexed, following searches could go in to a loop starting from slapi_vattr_filter_test. On the other hand, if the the attribute type is indexed, the nsRoleDefinition is ignored. The server does not support virtual attributes for nsRoleFilter, but it was not checked. This patch tries to detect such an invalid role definition and issues an error. Note: the check cannot detect the case nsRoleFilter is already in the db, then add CoS defining an attribute in the nsRoleFilter as an virtual attribute. File: ldap/servers/plugins/cos/cos_cache.c ldap/servers/plugins/roles/roles_cache.c ldap/servers/slapd/vattr.c -- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
