ITS#5265

f95c35b1 · Quanah Gibson-Mount · 335d3bfe · f95c35b1 · f95c35b1 · f95c35b1
Commit f95c35b1 authored 17 years ago by Quanah Gibson-Mount
--- a/CHANGES
+++ b/CHANGES
@@ -3,7 +3,9 @@ OpenLDAP 2.4 Change Log
 OpenLDAP 2.4.8 Engineering
 	Fixed slapd include handling (ITS#5276)
 	Fixed slapd non-atomic signal variables (ITS#5248)
-	Fixed libldap_r threaded library linking (ITS#4982)
+	Fixed slapd-ldif delete (ITS#5265)
+	Build Environment
+		Fixed libldap_r threaded library linking (ITS#4982)
 	Documentation
 		DB_CONFIG.example URL wrong in comments (ITS#5288)
 		Add cn=config example for auditlog (ITS#5245)

--- a/servers/slapd/back-ldif/ldif.c
+++ b/servers/slapd/back-ldif/ldif.c
@@ -129,9 +129,15 @@ dn2path(struct berval * orig_dn, struct berval * suffixdn, struct berval * base_
 	res->bv_len = dn.bv_len + base_path->bv_len + 1 + STRLENOF( LDIF );
 	res->bv_val = ch_malloc( res->bv_len + 1 );
 	ptr = lutil_strcopy( res->bv_val, base_path->bv_val );
-	*ptr++ = LDAP_DIRSEP[0];
-	ptr = lutil_strcopy( ptr, suffixdn->bv_val );
-	end = dn.bv_val + dn.bv_len - suffixdn->bv_len - 1;
+	end = dn.bv_val + dn.bv_len;
+	if ( !BER_BVISEMPTY( suffixdn ) ) {
+		*ptr++ = LDAP_DIRSEP[0];
+		ptr = lutil_strcopy( ptr, suffixdn->bv_val );
+		end -= suffixdn->bv_len + 1;
+
+	} else if ( BER_BVISEMPTY( &dn ) ) {
+		*ptr++ = LDAP_DIRSEP[0];
+	}
 	while ( end > dn.bv_val ) {
 		for (sep = end-1; sep >= dn.bv_val && !DN_SEPARATOR( *sep ); sep--);
 		*ptr++ = LDAP_DIRSEP[0];
@@ -161,6 +167,8 @@ dn2path(struct berval * orig_dn, struct berval * suffixdn, struct berval * base_
 	if ( dn.bv_val != orig_dn->bv_val ) {
 		ch_free( dn.bv_val );
 	}
+
+	assert( strlen( res->bv_val ) == res->bv_len );
 }

 static char * slurp_file(int fd) {
@@ -393,81 +401,83 @@ typedef struct bvlist {
 } bvlist;


-static int r_enum_tree(enumCookie *ck, struct berval *path,
+static int r_enum_tree(enumCookie *ck, struct berval *path, int base,
 	struct berval *pdn, struct berval *pndn)
 {
-	Entry *e;
-	int fd, rc = LDAP_SUCCESS;
+	Entry *e = NULL;
+	int fd = 0, rc = LDAP_SUCCESS;

-	fd = open( path->bv_val, O_RDONLY );
-	if ( fd < 0 ) {
-		Debug( LDAP_DEBUG_TRACE,
-			"=> ldif_enum_tree: failed to open %s: %s\n",
-			path->bv_val, STRERROR(errno), 0 );
-		return LDAP_NO_SUCH_OBJECT;
-	}
+	if ( !base ) {
+		fd = open( path->bv_val, O_RDONLY );
+		if ( fd < 0 ) {
+			Debug( LDAP_DEBUG_TRACE,
+				"=> ldif_enum_tree: failed to open %s: %s\n",
+				path->bv_val, STRERROR(errno), 0 );
+			return LDAP_NO_SUCH_OBJECT;
+		}

-	e = get_entry_for_fd(fd, pdn, pndn);
-	if ( !e ) {
-		Debug( LDAP_DEBUG_ANY,
-			"=> ldif_enum_tree: failed to read entry for %s\n",
-			path->bv_val, 0, 0 );
-		return LDAP_BUSY;
-	}
+		e = get_entry_for_fd(fd, pdn, pndn);
+		if ( !e ) {
+			Debug( LDAP_DEBUG_ANY,
+				"=> ldif_enum_tree: failed to read entry for %s\n",
+				path->bv_val, 0, 0 );
+			return LDAP_BUSY;
+		}

-	if ( ck->op->ors_scope == LDAP_SCOPE_BASE ||
-		ck->op->ors_scope == LDAP_SCOPE_SUBTREE ) {
-		/* Send right away? */
-		if ( ck->rs ) {
-			/*
-			 * if it's a referral, add it to the list of referrals. only do
-			 * this for non-base searches, and don't check the filter
-			 * explicitly here since it's only a candidate anyway.
-			 */
-			if ( !get_manageDSAit( ck->op )
-					&& ck->op->ors_scope != LDAP_SCOPE_BASE
-					&& is_entry_referral( e ) )
-			{
-				BerVarray erefs = get_entry_referrals( ck->op, e );
-				ck->rs->sr_ref = referral_rewrite( erefs,
-						&e->e_name, NULL,
-						ck->op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
-							? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
-
-				ck->rs->sr_entry = e;
-				rc = send_search_reference( ck->op, ck->rs );
-				ber_bvarray_free( ck->rs->sr_ref );
-				ber_bvarray_free( erefs );
-				ck->rs->sr_ref = NULL;
-				ck->rs->sr_entry = NULL;
-
-			} else if ( test_filter( ck->op, e, ck->op->ors_filter ) == LDAP_COMPARE_TRUE )
-			{
-				ck->rs->sr_entry = e;
-				ck->rs->sr_attrs = ck->op->ors_attrs;
-				ck->rs->sr_flags = REP_ENTRY_MODIFIABLE;
-				rc = send_search_entry(ck->op, ck->rs);
-				ck->rs->sr_entry = NULL;
+		if ( ck->op->ors_scope == LDAP_SCOPE_BASE ||
+			ck->op->ors_scope == LDAP_SCOPE_SUBTREE ) {
+			/* Send right away? */
+			if ( ck->rs ) {
+				/*
+				 * if it's a referral, add it to the list of referrals. only do
+				 * this for non-base searches, and don't check the filter
+				 * explicitly here since it's only a candidate anyway.
+				 */
+				if ( !get_manageDSAit( ck->op )
+						&& ck->op->ors_scope != LDAP_SCOPE_BASE
+						&& is_entry_referral( e ) )
+				{
+					BerVarray erefs = get_entry_referrals( ck->op, e );
+					ck->rs->sr_ref = referral_rewrite( erefs,
+							&e->e_name, NULL,
+							ck->op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
+								? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
+	
+					ck->rs->sr_entry = e;
+					rc = send_search_reference( ck->op, ck->rs );
+					ber_bvarray_free( ck->rs->sr_ref );
+					ber_bvarray_free( erefs );
+					ck->rs->sr_ref = NULL;
+					ck->rs->sr_entry = NULL;
+	
+				} else if ( test_filter( ck->op, e, ck->op->ors_filter ) == LDAP_COMPARE_TRUE )
+				{
+					ck->rs->sr_entry = e;
+					ck->rs->sr_attrs = ck->op->ors_attrs;
+					ck->rs->sr_flags = REP_ENTRY_MODIFIABLE;
+					rc = send_search_entry(ck->op, ck->rs);
+					ck->rs->sr_entry = NULL;
+				}
+				fd = 1;
+				if ( rc )
+					goto done;
+			} else {
+			/* Queueing up for tool mode */
+				if(ck->entries == NULL) {
+					ck->entries = (Entry **) ch_malloc(sizeof(Entry *) * ENTRY_BUFF_INCREMENT);
+					ck->elen = ENTRY_BUFF_INCREMENT;
+				}
+				if(ck->eind >= ck->elen) { /* grow entries if necessary */	
+					ck->entries = (Entry **) ch_realloc(ck->entries, sizeof(Entry *) * (ck->elen) * 2);
+					ck->elen *= 2;
+				}
+	
+				ck->entries[ck->eind++] = e;
+				fd = 0;
 			}
-			fd = 1;
-			if ( rc )
-				goto done;
 		} else {
-		/* Queueing up for tool mode */
-			if(ck->entries == NULL) {
-				ck->entries = (Entry **) ch_malloc(sizeof(Entry *) * ENTRY_BUFF_INCREMENT);
-				ck->elen = ENTRY_BUFF_INCREMENT;
-			}
-			if(ck->eind >= ck->elen) { /* grow entries if necessary */	
-				ck->entries = (Entry **) ch_realloc(ck->entries, sizeof(Entry *) * (ck->elen) * 2);
-				ck->elen *= 2;
-			}
-
-			ck->entries[ck->eind++] = e;
-			fd = 0;
+			fd = 1;
 		}
-	} else {
-		fd = 1;
 	}

 	if ( ck->op->ors_scope != LDAP_SCOPE_BASE ) {
@@ -551,7 +561,9 @@ static int r_enum_tree(enumCookie *ck, struct berval *path,
 					AC_MEMCPY( ptr->bv.bv_val + ptr->off, ptr->num.bv_val,
 						ptr->num.bv_len );
 				fullpath( path, &ptr->bv, &fpath );
-				rc = r_enum_tree(ck, &fpath, &e->e_name, &e->e_nname );
+				rc = r_enum_tree(ck, &fpath, 0,
+					e != NULL ? &e->e_name : pdn,
+					e != NULL ? &e->e_nname : pndn );
 				free(fpath.bv_val);
 			}
 			if ( ptr->num.bv_val )
@@ -578,7 +590,7 @@ enum_tree(
 	dnParent( &ck->op->o_req_dn, &pdn );
 	dnParent( &ck->op->o_req_ndn, &pndn );
 	dn2path( &ck->op->o_req_ndn, &ck->op->o_bd->be_nsuffix[0], &li->li_base_path, &path);
-	rc = r_enum_tree(ck, &path, &pdn, &pndn);
+	rc = r_enum_tree(ck, &path, BER_BVISEMPTY( &ck->op->o_req_ndn ) ? 1 : 0, &pdn, &pndn);
 	ch_free( path.bv_val );
 	return rc;
 }
@@ -697,6 +709,11 @@ ldif_back_referrals( Operation *op, SlapReply *rs )
 		return rc;
 	}

+	if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
+		/* the empty DN cannot be a referral */
+		return rc;
+	}
+
 	li = (struct ldif_info *)op->o_bd->be_private;
 	ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
 	entry = get_entry( op, &li->li_base_path );
@@ -711,7 +728,9 @@ ldif_back_referrals( Operation *op, SlapReply *rs )
 		for ( ; entry == NULL; ) {
 			dnParent( &pndn, &pndn );
 			
-			if ( !dnIsSuffix( &pndn, &op->o_bd->be_nsuffix[0] ) ) {
+			if ( BER_BVISEMPTY( &pndn )
+				|| !dnIsSuffix( &pndn, &op->o_bd->be_nsuffix[0] ) )
+			{
 				break;
 			}

@@ -1023,15 +1042,17 @@ static int ldif_back_delete(Operation *op, SlapReply *rs) {
 			break;

 		case ENOENT:
-			rs->sr_err = LDAP_NO_SUCH_OBJECT;
+			/* is leaf, go on */
+			res = 0;
 			break;

 		default:
 			rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
 			break;
 		}
+	}

-	} else {
+	if ( !res ) {
 		res = unlink(path.bv_val);
 		if ( res == -1 ) {
 			switch ( errno ) {

--- a/tests/data/dn.out
+++ b/tests/data/dn.out
+# Searching database...
 dn: dc=example,dc=com
 objectClass: domain
 objectClass: domainRelatedObject
 dc: example
 associatedDomain: example.com

+dn: ou=LDAPv2,dc=example,dc=com
+objectClass: organizationalUnit
+ou: LDAPv2
+description: RFC 1779 compliant DN string representation
+
 dn: ou=LDAPv3,dc=example,dc=com
 objectClass: organizationalUnit
 ou: LDAPv3
 description: RFC 2253 compliant DN string representation

+dn: cn=May Succeed 1,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 1
+member:
+description: " " // space, quote characters (") are not part of the string
+
+dn: cn=May Succeed 3,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 3
+member: uid=jsmith,o=example,c=US
+description: UID=jsmith, O=example, C=US // spaces
+
+dn: cn=May Succeed 4,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 4
+member: uid=jsmith,o=example,c=US
+description: UID=jsmith;O=example;C=US // semi-colons
+
+dn: cn=May Succeed 6,ou=LDAPv2,dc=example,dc=com
+objectClass: groupOfNames
+cn: May Succeed 6
+member: cn=John Smith,o=example,c=US
+description: CN="John Smith",O=example,C=US // quotes
+
 dn: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
 objectClass: groupOfNames
 cn: Must Succeed
@@ -43,47 +73,6 @@ description: CN=\#John Smith\ ,DC=example,DC=net
 description: CN=Lu\C4\8Di\C4\87
 description: testUUID=597ae2f6-16a6-1027-98f4-abcdefABCDEF,DC=Example

-dn: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com
-objectClass: groupOfNames
-cn: Unescaped Equals
-member: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com
-member: cn=A*x\3Db is a linear algebra problem,ou=LDAPv3,dc=example,dc=com
-description: cn=A*x=b is a linear algebra problem,ou=LDAPv3,dc=example,dc=com 
- // unescaped EQUALS
-
-dn: ou=LDAPv2,dc=example,dc=com
-objectClass: organizationalUnit
-ou: LDAPv2
-description: RFC 1779 compliant DN string representation
-
-dn: cn=May Succeed 1,ou=LDAPv2,dc=example,dc=com
-objectClass: groupOfNames
-cn: May Succeed 1
-member:
-description: " " // space, quote characters (") are not part of the string
-
-dn: cn=May Succeed 3,ou=LDAPv2,dc=example,dc=com
-objectClass: groupOfNames
-cn: May Succeed 3
-member: uid=jsmith,o=example,c=US
-description: UID=jsmith, O=example, C=US // spaces
-
-dn: cn=May Succeed 4,ou=LDAPv2,dc=example,dc=com
-objectClass: groupOfNames
-cn: May Succeed 4
-member: uid=jsmith,o=example,c=US
-description: UID=jsmith;O=example;C=US // semi-colons
-
-dn: cn=May Succeed 6,ou=LDAPv2,dc=example,dc=com
-objectClass: groupOfNames
-cn: May Succeed 6
-member: cn=John Smith,o=example,c=US
-description: CN="John Smith",O=example,C=US // quotes
-
-dn: ou=Related Syntaxes,dc=example,dc=com
-objectClass: organizationalUnit
-ou: Related Syntaxes
-
 dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 objectClass: groupOfUniqueNames
 cn: Name and Optional UID
@@ -99,6 +88,10 @@ description: #'0010'B // empty "" DN with leading '0's
 description: dc=example,dc=com#'1000'B // with DN portion
 description: dc=example,dc=com#'0'B // with DN portion and just one '0'

+dn: ou=Related Syntaxes,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Related Syntaxes
+
 dn: cn=Should Parse as DN,cn=Name and Optional UID,ou=Related Syntaxes,dc=exam
 ple,dc=com
 objectClass: groupOfUniqueNames
@@ -110,6 +103,15 @@ description: dc=example,dc=com#0'B // malformed UID?
 description: dc=example,dc=com#'0B // malformed UID?
 description: dc=example,dc=com '0'B // malformed UID?

+dn: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com
+objectClass: groupOfNames
+cn: Unescaped Equals
+member: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com
+member: cn=A*x\3Db is a linear algebra problem,ou=LDAPv3,dc=example,dc=com
+description: cn=A*x=b is a linear algebra problem,ou=LDAPv3,dc=example,dc=com 
+ // unescaped EQUALS
+
+# Searching database for DN="OU=Sales+CN=J. Smith,DC=example,DC=net"...
 dn: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
 objectClass: groupOfNames
 cn: Must Succeed
@@ -144,6 +146,7 @@ description: CN=\#John Smith\ ,DC=example,DC=net
 description: CN=Lu\C4\8Di\C4\87
 description: testUUID=597ae2f6-16a6-1027-98f4-abcdefABCDEF,DC=Example

+# Searching database for entryUUID-named DN="testUUID=597ae2f6-16a6-1027-98f4-ABCDEFabcdef,DC=Example"...
 dn: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
 objectClass: groupOfNames
 cn: Must Succeed
@@ -178,6 +181,8 @@ description: CN=\#John Smith\ ,DC=example,DC=net
 description: CN=Lu\C4\8Di\C4\87
 description: testUUID=597ae2f6-16a6-1027-98f4-abcdefABCDEF,DC=Example

+# Searching database for nameAndOptionalUID="dc=example,dc=com"...
+# Searching database for nameAndOptionalUID="dc=example,dc=com#'001000'B"...
 dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 objectClass: groupOfUniqueNames
 cn: Name and Optional UID
@@ -193,6 +198,7 @@ description: #'0010'B // empty "" DN with leading '0's
 description: dc=example,dc=com#'1000'B // with DN portion
 description: dc=example,dc=com#'0'B // with DN portion and just one '0'

+# Searching database for uniqueMember~="dc=example,dc=com" (approx)...
 dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 objectClass: groupOfUniqueNames
 cn: Name and Optional UID
@@ -208,6 +214,7 @@ description: #'0010'B // empty "" DN with leading '0's
 description: dc=example,dc=com#'1000'B // with DN portion
 description: dc=example,dc=com#'0'B // with DN portion and just one '0'

+# Searching database for uniqueMember~="dc=example,dc=com#'001000'B" (approx)...
 dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 objectClass: groupOfUniqueNames
 cn: Name and Optional UID

--- a/tests/data/emptydn.out
+++ b/tests/data/emptydn.out
-dn: c=US
-objectClass: country
-c: US
-
-dn: o=Example,c=US
+dn: o=Esempio,c=IT
 objectClass: organization
+o: Esempio
+o: Esempio S.p.A.
 o: Example
-o: Example, Inc.
-
-dn: c=UK
-objectClass: country
-c: UK

 dn: o=Example,c=UK
 objectClass: organization
 o: Example
 o: Example, Ltd.

+dn: o=Example,c=US
+objectClass: organization
+o: Example
+o: Example, Inc.
+
 dn: c=IT
 objectClass: country
 c: IT

-dn: o=Esempio,c=IT
-objectClass: organization
-o: Esempio
-o: Esempio S.p.A.
-o: Example
+dn: c=UK
+objectClass: country
+c: UK
+
+dn: c=US
+objectClass: country
+c: US

--- a/tests/data/emptydn.out.slapadd
+++ b/tests/data/emptydn.out.slapadd
-dn: c=US
-objectClass: country
-c: US
-
-dn: o=Example,c=US
+dn: o=Beispiel,c=DE
 objectClass: organization
+o: Beispiel
+o: Beispiel GmbH
 o: Example
-o: Example, Inc.

-dn: c=UK
+dn: c=DE
 objectClass: country
-c: UK
+c: DE
+
+dn: o=Esempio,c=IT
+objectClass: organization
+o: Esempio
+o: Esempio S.p.A.
+o: Example

 dn: o=Example,c=UK
 objectClass: organization
 o: Example
 o: Example, Ltd.

+dn: o=Example,c=US
+objectClass: organization
+o: Example
+o: Example, Inc.
+
 dn: c=IT
 objectClass: country
 c: IT

-dn: o=Esempio,c=IT
-objectClass: organization
-o: Esempio
-o: Esempio S.p.A.
-o: Example
-
-dn: c=DE
+dn: c=UK
 objectClass: country
-c: DE
+c: UK

-dn: o=Beispiel,c=DE
-objectClass: organization
-o: Beispiel
-o: Beispiel GmbH
-o: Example
+dn: c=US
+objectClass: country
+c: US

--- a/tests/scripts/test026-dn
+++ b/tests/scripts/test026-dn
@@ -55,7 +55,7 @@ cat /dev/null > $SEARCHOUT

 echo "Searching database..."
 echo "# Searching database..." >> $SEARCHOUT
-$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 >> $SEARCHOUT 2>&1
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 >> $SEARCHOUT 2>&1

 RC=$?
 if test $RC != 0 ; then
@@ -67,7 +67,7 @@ fi
 DN="OU=Sales+CN=J. Smith,DC=example,DC=net"
 echo "Searching database for DN=\"$DN\"..."
 echo "# Searching database for DN=\"$DN\"..." >> $SEARCHOUT
-$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
 	"(member=$DN)" >> $SEARCHOUT 2>&1

 RC=$?
@@ -80,7 +80,7 @@ fi
 DN="testUUID=597ae2f6-16a6-1027-98f4-ABCDEFabcdef,DC=Example"
 echo "Searching database for entryUUID-named DN=\"$DN\"..."
 echo "# Searching database for entryUUID-named DN=\"$DN\"..." >> $SEARCHOUT
-$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
 	"(member=$DN)" \
 	>> $SEARCHOUT 2>&1

@@ -94,7 +94,7 @@ fi
 DN="dc=example,dc=com"
 echo "Searching database for nameAndOptionalUID=\"$DN\"..."
 echo "# Searching database for nameAndOptionalUID=\"$DN\"..." >> $SEARCHOUT
-$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
 	"(uniqueMember=$DN)" >> $SEARCHOUT 2>&1

 RC=$?
@@ -107,7 +107,7 @@ fi
 DN="dc=example,dc=com#'001000'B"
 echo "Searching database for nameAndOptionalUID=\"$DN\"..."
 echo "# Searching database for nameAndOptionalUID=\"$DN\"..." >> $SEARCHOUT
-$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
 	"(uniqueMember=$DN)" >> $SEARCHOUT 2>&1

 RC=$?
@@ -120,7 +120,7 @@ fi
 DN="dc=example,dc=com"
 echo "Searching database for uniqueMember~=\"$DN\" (approx)..."
 echo "# Searching database for uniqueMember~=\"$DN\" (approx)..." >> $SEARCHOUT
-$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
 	"(uniqueMember~=)" >> $SEARCHOUT 2>&1

 RC=$?
@@ -133,7 +133,7 @@ fi
 DN="dc=example,dc=com#'001000'B"
 echo "Searching database for uniqueMember~=\"$DN\" (approx)..."
 echo "# Searching database for uniqueMember~=\"$DN\" (approx)..." >> $SEARCHOUT
-$LDAPSEARCH -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
 	"(uniqueMember~=$DN)" >> $SEARCHOUT 2>&1

 RC=$?

--- a/tests/scripts/test027-emptydn
+++ b/tests/scripts/test027-emptydn
@@ -66,7 +66,7 @@ fi

 echo "Searching database..."

-$LDAPSEARCH -b "" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+$LDAPSEARCH -S "" -b "" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1

 RC=$?
 if test $RC != 0 ; then
@@ -143,7 +143,7 @@ EOF

 echo "Searching database..."

-$LDAPSEARCH -b "" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1
+$LDAPSEARCH -S "" -b "" -h $LOCALHOST -p $PORT1 > $SEARCHOUT 2>&1

 RC=$?
 if test $RC != 0 ; then