Publish matching rules in the cn=schema subentry as the matchingRules

attribute. This is an operational attribute and only returned if explicitly
asked for. Required by RFC 4517.

1 files changed, 17 insertions, 2 deletions

diff --git a/usr.sbin/ldapd/search.c b/usr.sbin/ldapd/search.c
index dc94444962d..51ca2a39192 100644
--- a/usr.sbin/ldapd/search.c
+++ b/usr.sbin/ldapd/search.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: search.c,v 1.11 2010/11/03 10:33:17 martinh Exp $ */
+/*	$OpenBSD: search.c,v 1.12 2010/11/04 15:35:00 martinh Exp $ */
 
 /*
  * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -531,7 +531,7 @@ ldap_search_subschema(struct search *search)
 	struct ber_element	*root, *elm, *key, *val;
 	struct object		*obj;
 	struct attr_type	*at;
-	int			 rc;
+	int			 rc, i;
 
 	if ((root = ber_add_sequence(NULL)) == NULL) {
 		return;
@@ -586,6 +586,21 @@ ldap_search_subschema(struct search *search)
 		}
 	}
 
+	if (should_include_attribute("matchingRules", search, 1)) {
+		elm = ber_add_sequence(elm);
+		key = ber_add_string(elm, "matchingRules");
+		val = ber_add_set(key);
+
+		for (i = 0; i < num_match_rules; i++) {
+			if (schema_dump_match_rule(&match_rules[i], buf,
+			    sizeof(buf)) != 0) {
+				rc = LDAP_OTHER;
+				goto done;
+			}
+			val = ber_add_string(val, buf);
+		}
+	}
+
 	search_result("cn=schema", 9, root, search);
 	rc = LDAP_SUCCESS;