ITS#9121 fix filtered memberOf

Broken in 2c0499ae4e17b29018041ecc0ce6001db15d014e adding nesting

diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c
index cbb3d129f54f41ea282444b33a0b5cb3972c0d70..9519f971995062b1e484a0bc1bf4271afc0ac052 100644 (file)
--- a/servers/slapd/overlays/dynlist.c
+++ b/servers/slapd/overlays/dynlist.c
@@ -1699,16 +1699,19 @@ dynlist_search( Operation *op, SlapReply *rs )
                                if ( dlm->dlm_memberOf_ad ) {
                                        int want = 0;
 
-                                       /* with nesting, filter attributes also require nestlink */
-                                       if ( dlm->dlm_memberOf_nested ) {
+                                       /* is attribute in filter? */
+                                       if ( ad_infilter( dlm->dlm_memberOf_ad, op->ors_filter )) {
+                                               want |= WANT_MEMBEROF;
+                                               /* with nesting, filter attributes also require nestlink */
+                                               if ( dlm->dlm_memberOf_nested ) {
                                                /* WANT_ flags have inverted meaning here:
                                                 * to satisfy (memberOf=) filter, we need to also
                                                 * find all subordinate groups. No special
                                                 * treatment is needed for (member=) since we
                                                 * already search all group entries.
                                                 */
-                                               if ( ad_infilter( dlm->dlm_memberOf_ad, op->ors_filter ))
                                                        want |= WANT_MEMBER;
+                                               }
                                        }
 
                                        /* if attribute is not requested, skip it */