eDirectory returns duplicate attribute values via LDAP when a substring filter matches.

  • 3466033
  • 10-Mar-2008
  • 10-Jun-2013


Novell eDirectory 8.8 SP2 for All Platforms


When performing an LDAP substring query for an object based on one or more attributes the attribute values are returned multiple times when the substring query matches multiple values in a given attribute. For example when a user has multiple values for CN or Surname that are similar (test0, test1, test2, etc.) and the filter used is 'cn=test*' all values for all attributes are returned the number of times the filter matched (in this case, three times).


This issue is being addressed by Novell Engineering. Performing searches that are not substring searches should not result in this issue. This problem may or may not be an issue depending on the client making the LDAP request. Duplicate values may be handled on the client side without ever showing this symptom depending on the logic implemented in the LDAP client.


This has been resolved in eDir 8.8SP3

Additional Information

Sample user:

< quote>
# testmulticn00, suse, org
dn: cn=testmulticn00,o=suse,dc=org
uid: testmulticn00
givenName: testmultigiven00
givenName: testmultigiven01
sn: testmulticn00lname
objectClass: inetOrgPerson
cn: testmulticn00
cn: testmulticn00a
cn: testmulticn00b
cn: asdf
cn: testmulticn04
< /quote>