access control "set=" problem (ITS#3140)

[hager@transgene.fr]

Full_Name: HAGER Herve
Version: 2.2.x
OS: Red Hat 8 and Fedora Core 1
URL: 
Submission from: (NULL) (212.103.10.226)


Hello,

OpenLDAP crashes when i perform an unbind ldapsearch on it. I found out that it
is the "set=" directive form an access clause in the slapd.conf which is in
cause, when the group specified contains another group which is in the "what"
part of the access clause. Because i konw this is hard to explain with my
low-level english, i realised a small example ldif :

dn: o=myorg,c=fr
objectclass: top
objectclass: organization
o: myorg

dn: ou=people,o=myorg,c=fr
objectclass: top
objectclass: organizationalunit
ou: people

dn: cn=toto,ou=people,o=myorg,c=fr
objectclass: top
objectclass: person
sn: toto
cn: toto

dn: cn=admins,o=myorg,c=fr
objectclass: top
objectclass: groupofnames
cn: admins
member: cn=group,ou=people,o=myorg,c=fr

dn: cn=group,ou=people,o=myorg,c=fr
objectclass: top
objectclass: groupofnames
cn: group
member: cn=toto,ou=people,o=myorg,c=fr

With the following access clause in the slapd.conf file :
access to *
        by set="[cn=admins,o=myorg,c=fr]/member* & user" write
        by * read
an unbind ldapsearch on the directory crashes, such as :
ldapsearch -b "o=myorg,c=fr"

The bug is verified on openldap 2.2.4, 2.2.10 and 2.2.11, so i assume all the
2.2.x versions are involved. The bug is not present on the 2.1.30 version.
There's no problem with a bind ldapsearch.

The bug happens on Red Hat 8 and Fedora Core 1, with openldap compiled from
source. Here is my configure command line :
./configure --prefix=/usr/local/openldap --enable-crypt --enable-lmpasswd
--without-cyrus-sasl --with-threads --with-tls --disable-bdb --enable-ldbm
--with-ldbm-gdbm --enable-slurpd --disable-ipv6 --enable-syslog

I hope i have given all relevant information to help fixing this problem.
Thanks for your help.

Best regards,
Herve