From 3add82a3bb30b94afd23ff5e2c00c59ca8a931d8 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Tue, 18 Dec 2018 18:45:20 +0000
Subject: [PATCH] ITS#8286 -- Add matching rules for attributes

Add matching rules for all cases where it was missing.  Cleanup
incorrect types for a few attributes as well.  Fix network-timeout
handling in back-ldap/meta/asyncmeta.
---
 contrib/slapd-modules/adremap/adremap.c     |  2 +
 contrib/slapd-modules/autogroup/autogroup.c |  1 +
 contrib/slapd-modules/lastbind/lastbind.c   |  2 +
 contrib/slapd-modules/smbk5pwd/smbk5pwd.c   |  3 +
 doc/man/man5/slapo-dds.5                    | 10 ++--
 servers/slapd/back-asyncmeta/config.c       | 39 ++++++++++--
 servers/slapd/back-bdb/config.c             | 16 +++++
 servers/slapd/back-ldap/config.c            | 29 ++++++++-
 servers/slapd/back-mdb/config.c             | 11 +++-
 servers/slapd/back-meta/config.c            | 38 ++++++++++--
 servers/slapd/back-perl/config.c            |  1 +
 servers/slapd/back-sql/config.c             | 31 ++++++++++
 servers/slapd/bconfig.c                     | 66 ++++++++++++++++++++-
 servers/slapd/overlays/accesslog.c          |  4 ++
 servers/slapd/overlays/auditlog.c           |  1 +
 servers/slapd/overlays/autoca.c             |  9 +++
 servers/slapd/overlays/dds.c                |  7 +++
 servers/slapd/overlays/dyngroup.c           |  1 +
 servers/slapd/overlays/memberof.c           |  7 +++
 servers/slapd/overlays/pcache.c             |  6 ++
 servers/slapd/overlays/ppolicy.c            |  4 ++
 servers/slapd/overlays/refint.c             |  2 +
 servers/slapd/overlays/retcode.c            |  3 +
 servers/slapd/overlays/rwm.c                |  3 +
 servers/slapd/overlays/sssvlv.c             |  3 +
 servers/slapd/overlays/syncprov.c           |  4 ++
 servers/slapd/overlays/translucent.c        |  6 ++
 27 files changed, 288 insertions(+), 21 deletions(-)

diff --git a/contrib/slapd-modules/adremap/adremap.c b/contrib/slapd-modules/adremap/adremap.c
index c21878185b..e5c64e80dc 100644
--- a/contrib/slapd-modules/adremap/adremap.c
+++ b/contrib/slapd-modules/adremap/adremap.c
@@ -72,6 +72,7 @@ static ConfigTable adremapcfg[] = {
 	  "( OLcfgCtAt:6.1 "
 	  "NAME 'olcADremapDowncase' "
 	  "DESC 'List of attributes to casefold to lower case' "
+	  "EQUALITY caseIgnoreMatch "
 	  "SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "adremap-dnmap", "dnattr targetattr newattr remoteOC localOC targetOC baseDN", 8, 8, 0,
 	  ARG_MAGIC|ADREMAP_DNV, adremap_cf_dnv,
@@ -79,6 +80,7 @@ static ConfigTable adremapcfg[] = {
 	  "NAME 'olcADremapDNmap' "
 	  "DESC 'DN attr to map, attr from target to use, attr to generate, objectclass of remote"
 	   " group, objectclass mapped group, objectclass of target entry, base DN of target entry' "
+	  "EQUALITY caseIgnoreMatch "
 	  "SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
diff --git a/contrib/slapd-modules/autogroup/autogroup.c b/contrib/slapd-modules/autogroup/autogroup.c
index 57100b144a..01050edfab 100644
--- a/contrib/slapd-modules/autogroup/autogroup.c
+++ b/contrib/slapd-modules/autogroup/autogroup.c
@@ -1724,6 +1724,7 @@ static ConfigTable agcfg[] = {
 		2, 2, 0, ARG_MAGIC|AG_MEMBER_OF_AD, ag_cfgen,
 		"( OLcfgCtAt:2.2 NAME 'olcAGmemberOfAd' "
 			"DESC 'memberOf attribute' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )",
 			NULL, NULL },
 
diff --git a/contrib/slapd-modules/lastbind/lastbind.c b/contrib/slapd-modules/lastbind/lastbind.c
index 311be04f77..43d619e90a 100644
--- a/contrib/slapd-modules/lastbind/lastbind.c
+++ b/contrib/slapd-modules/lastbind/lastbind.c
@@ -74,12 +74,14 @@ static ConfigTable lastbindcfg[] = {
 	  "( OLcfgCtAt:5.1 "
 	  "NAME 'olcLastBindPrecision' "
 	  "DESC 'Precision of authTimestamp attribute' "
+	  "EQUALITY integerMatch "
 	  "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "lastbind_forward_updates", "on|off", 1, 2, 0,
 	  ARG_ON_OFF|ARG_OFFSET,
 	  (void *)offsetof(lastbind_info,forward_updates),
 	  "( OLcfgAt:5.2 NAME 'olcLastBindForwardUpdates' "
 	  "DESC 'Allow authTimestamp updates to be forwarded via updateref' "
+	  "EQUALITY booleanMatch "
 	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
diff --git a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
index 0dda119c65..deadf11282 100644
--- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
+++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
@@ -719,16 +719,19 @@ static ConfigTable smbk5pwd_cfats[] = {
 		2, 0, 0, ARG_MAGIC|PC_SMB_ENABLE, smbk5pwd_cf_func,
 		"( OLcfgCtAt:1.1 NAME 'olcSmbK5PwdEnable' "
 		"DESC 'Modules to be enabled' "
+		"EQUALITY caseIgnoreMatch "
 		"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "smbk5pwd-must-change", "time",
 		2, 2, 0, ARG_MAGIC|ARG_INT|PC_SMB_MUST_CHANGE, smbk5pwd_cf_func,
 		"( OLcfgCtAt:1.2 NAME 'olcSmbK5PwdMustChange' "
 		"DESC 'Credentials validity interval' "
+		"EQUALITY integerMatch "
 		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "smbk5pwd-can-change", "time",
 		2, 2, 0, ARG_MAGIC|ARG_INT|PC_SMB_CAN_CHANGE, smbk5pwd_cf_func,
 		"( OLcfgCtAt:1.3 NAME 'olcSmbK5PwdCanChange' "
 		"DESC 'Credentials minimum validity interval' "
+		"EQUALITY integerMatch "
 		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
diff --git a/doc/man/man5/slapo-dds.5 b/doc/man/man5/slapo-dds.5
index 7c29db2f45..b80b9e69ac 100644
--- a/doc/man/man5/slapo-dds.5
+++ b/doc/man/man5/slapo-dds.5
@@ -79,7 +79,7 @@ to avoid potential conflicts with directives specific to the underlying
 database or to other stacked overlays.
 
 .TP
-.B dds\-max\-ttl <ttl>
+.B dds\-max\-ttl <time>
 Specifies the max TTL value.
 This is also the default TTL newly created
 dynamic objects receive, unless
@@ -91,24 +91,24 @@ This value must be between 86400 (1 day, the default) and 31557600
 (1 year plus 6 hours, as per RFC 2589).
 
 .TP
-.B dds\-min\-ttl <ttl>
+.B dds\-min\-ttl <time>
 Specifies the min TTL value; clients requesting a lower TTL by means
 of the refresh extended operation actually obtain this value as CRP.
 If set to 0 (the default), no lower limit is set.
 
 .TP
-.B dds\-default\-ttl <ttl>
+.B dds\-default\-ttl <time>
 Specifies the default TTL value that newly created dynamic objects get.
 If set to 0 (the default), the
 .B dds\-max\-ttl
 is used.
 
 .TP
-.B dds\-interval <ttl>
+.B dds\-interval <time>
 Specifies the interval between expiration checks; defaults to 1 hour.
 
 .TP
-.B dds\-tolerance <ttl>
+.B dds\-tolerance <time>
 Specifies an extra time that is added to the timer that actually wakes up
 the thread that will delete an expired dynamic object.
 So the nominal lifetime of the entry is that specified in the
diff --git a/servers/slapd/back-asyncmeta/config.c b/servers/slapd/back-asyncmeta/config.c
index 807ab7fadd..ed7f212077 100644
--- a/servers/slapd/back-asyncmeta/config.c
+++ b/servers/slapd/back-asyncmeta/config.c
@@ -111,6 +111,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:0.14 "
 			"NAME 'olcDbURI' "
 			"DESC 'URI (list) for remote DSA' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -119,6 +120,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.1 "
 			"NAME 'olcDbStartTLS' "
 			"DESC 'StartTLS' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -127,6 +129,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.2 "
 			"NAME 'olcDbACLAuthcDn' "
 			"DESC 'Remote ACL administrative identity' "
+			"EQUALITY distinguishedNameMatch "
 			"OBSOLETE "
 			"SYNTAX OMsDN "
 			"SINGLE-VALUE )",
@@ -153,6 +156,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.7 "
 			"NAME 'olcDbIDAssertBind' "
 			"DESC 'Remote Identity Assertion administrative identity auth bind configuration' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -170,6 +174,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.10 "
 			"NAME 'olcDbRebindAsUser' "
 			"DESC 'Rebind as user' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -178,6 +183,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.11 "
 			"NAME 'olcDbChaseReferrals' "
 			"DESC 'Chase referrals' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -186,6 +192,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.12 "
 			"NAME 'olcDbTFSupport' "
 			"DESC 'Absolute filters support' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -194,6 +201,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.14 "
 			"NAME 'olcDbTimeout' "
 			"DESC 'Per-operation timeouts' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -202,6 +210,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.15 "
 			"NAME 'olcDbIdleTimeout' "
 			"DESC 'connection idle timeout' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -210,6 +219,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.17 "
 			"NAME 'olcDbNetworkTimeout' "
 			"DESC 'connection network timeout' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -218,6 +228,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.18 "
 			"NAME 'olcDbProtocolVersion' "
 			"DESC 'protocol version' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -227,6 +238,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.20 "
 			"NAME 'olcDbCancel' "
 			"DESC 'abandon/ignore/exop operations when appropriate' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -234,6 +246,7 @@ static ConfigTable a_metacfg[] = {
 		ARG_MAGIC|LDAP_BACK_CFG_QUARANTINE,
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.21 "
 			"NAME 'olcDbQuarantine' "
+			"EQUALITY caseIgnoreMatch "
 			"DESC 'Quarantine database if connection fails and retry according to rule' "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
@@ -244,6 +257,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.23 "
 			"NAME 'olcDbConnectionPoolMax' "
 			"DESC 'Max size of privileged connections pool' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -253,6 +267,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.24 "
 			"NAME 'olcDbSessionTrackingRequest' "
 			"DESC 'Add session tracking control to proxied requests' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -262,6 +277,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.25 "
 			"NAME 'olcDbNoRefs' "
 			"DESC 'Do not return search reference responses' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -270,6 +286,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.26 "
 			"NAME 'olcDbNoUndefFilter' "
 			"DESC 'Do not propagate undefined search filters' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -318,6 +335,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.105 "
 			"NAME 'olcDbDefaultTarget' "
 			"DESC 'Specify the default target' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -326,6 +344,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.106 "
 			"NAME 'olcDbDnCacheTtl' "
 			"DESC 'dncache ttl' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -334,7 +353,8 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.107 "
 			"NAME 'olcDbBindTimeout' "
 			"DESC 'bind timeout' "
-			"SYNTAX OMsDirectoryString "
+			"EQUALITY integerMatch "
+			"SYNTAX OMsInteger "
 			"SINGLE-VALUE )",
 		NULL, NULL },
 	{ "onerr", "CONTINUE|report|stop", 2, 2, 0,
@@ -342,6 +362,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.108 "
 			"NAME 'olcDbOnErr' "
 			"DESC 'error handling' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -350,6 +371,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.109 "
 			"NAME 'olcDbPseudoRootBindDefer' "
 			"DESC 'error handling' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -361,6 +383,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.110 "
 			"NAME 'olcDbNretries' "
 			"DESC 'retry handling' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -368,6 +391,7 @@ static ConfigTable a_metacfg[] = {
 		ARG_MAGIC|LDAP_BACK_CFG_CLIENT_PR,
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.111 "
 			"NAME 'olcDbClientPr' "
+			"EQUALITY caseIgnoreMatch "
 			"DESC 'PagedResults handling' "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
@@ -385,6 +409,7 @@ static ConfigTable a_metacfg[] = {
 		asyncmeta_back_cf_gen, "( OLcfgDbAt:3.29 "
 			"NAME 'olcDbKeepalive' "
 			"DESC 'TCP keepalive' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -403,6 +428,7 @@ static ConfigTable a_metacfg[] = {
 	  asyncmeta_back_cf_gen, "( OLcfgDbAt:3.113 "
 	  "NAME 'olcDbMaxPendingOps' "
 	  "DESC 'Maximum number of pending operations' "
+	  "EQUALITY integerMatch "
 	  "SYNTAX OMsInteger "
 	  "SINGLE-VALUE )",
 	  NULL, NULL },
@@ -412,6 +438,7 @@ static ConfigTable a_metacfg[] = {
 	  asyncmeta_back_cf_gen, "( OLcfgDbAt:3.114 "
 	  "NAME 'olcDbMaxTargetConns' "
 	  "DESC 'Maximum number of open connections per target' "
+	  "EQUALITY integerMatch "
 	  "SYNTAX OMsInteger "
 	  "SINGLE-VALUE )",
 	  NULL, NULL },
@@ -421,6 +448,7 @@ static ConfigTable a_metacfg[] = {
 	  asyncmeta_back_cf_gen, "( OLcfgDbAt:3.115 "
 	  "NAME 'olcDbMaxTimeoutOps' "
 	  "DESC 'Maximum number of consecutive timeout operations after which the connection is reset' "
+	  "EQUALITY integerMatch "
 	  "SYNTAX OMsInteger "
 	  "SINGLE-VALUE )",
 	  NULL, NULL },
@@ -1254,11 +1282,12 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
 		case LDAP_BACK_CFG_NETWORK_TIMEOUT:
 			if ( mc->mc_network_timeout == 0 ) {
 				return 1;
+			} else {
+				char    buf[ SLAP_TEXT_BUFLEN ];
+				lutil_unparse_time( buf, sizeof( buf ), mc->mc_network_timeout );
+				ber_str2bv( buf, 0, 0, &bv );
+				value_add_one( &c->rvalue_vals, &bv );
 			}
-			bv.bv_len = snprintf( c->cr_msg, sizeof(c->cr_msg), "%ld",
-				mc->mc_network_timeout );
-			bv.bv_val = c->cr_msg;
-			value_add_one( &c->rvalue_vals, &bv );
 			break;
 
 		case LDAP_BACK_CFG_NOREFS:
diff --git a/servers/slapd/back-bdb/config.c b/servers/slapd/back-bdb/config.c
index 24c4753ba3..99716abf2b 100644
--- a/servers/slapd/back-bdb/config.c
+++ b/servers/slapd/back-bdb/config.c
@@ -65,35 +65,43 @@ static ConfigTable bdbcfg[] = {
 		(void *)offsetof(struct bdb_info, bi_cache.c_minfree),
 		"( OLcfgDbAt:1.11 NAME 'olcDbCacheFree' "
 			"DESC 'Number of extra entries to free when max is reached' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "cachesize", "size", 2, 2, 0, ARG_ULONG|ARG_OFFSET,
 		(void *)offsetof(struct bdb_info, bi_cache.c_maxsize),
 		"( OLcfgDbAt:1.1 NAME 'olcDbCacheSize' "
 			"DESC 'Entry cache size in entries' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "checkpoint", "kbyte> <min", 3, 3, 0, ARG_MAGIC|BDB_CHKPT,
 		bdb_cf_gen, "( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' "
 			"DESC 'Database checkpoint interval in kbytes and minutes' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )",NULL, NULL },
 	{ "checksum", NULL, 1, 2, 0, ARG_ON_OFF|ARG_MAGIC|BDB_CHECKSUM,
 		bdb_cf_gen, "( OLcfgDbAt:1.16 NAME 'olcDbChecksum' "
 			"DESC 'Enable database checksum validation' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "cryptfile", "file", 2, 2, 0, ARG_STRING|ARG_MAGIC|BDB_CRYPTFILE,
 		bdb_cf_gen, "( OLcfgDbAt:1.13 NAME 'olcDbCryptFile' "
 			"DESC 'Pathname of file containing the DB encryption key' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )",NULL, NULL },
 	{ "cryptkey", "key", 2, 2, 0, ARG_BERVAL|ARG_MAGIC|BDB_CRYPTKEY,
 		bdb_cf_gen, "( OLcfgDbAt:1.14 NAME 'olcDbCryptKey' "
 			"DESC 'DB encryption key' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsOctetString SINGLE-VALUE )",NULL, NULL },
 	{ "dbconfig", "DB_CONFIG setting", 1, 0, 0, ARG_MAGIC|BDB_CONFIG,
 		bdb_cf_gen, "( OLcfgDbAt:1.3 NAME 'olcDbConfig' "
 			"DESC 'BerkeleyDB DB_CONFIG configuration directives' "
+			"EQUALITY caseIgnoreIA5Match "
 			"SYNTAX OMsIA5String X-ORDERED 'VALUES' )", NULL, NULL },
 	{ "dbnosync", NULL, 1, 2, 0, ARG_ON_OFF|ARG_MAGIC|BDB_NOSYNC,
 		bdb_cf_gen, "( OLcfgDbAt:1.4 NAME 'olcDbNoSync' "
 			"DESC 'Disable synchronous database writes' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "dbpagesize", "db> <size", 3, 3, 0, ARG_MAGIC|BDB_PGSIZE,
 		bdb_cf_gen, "( OLcfgDbAt:1.15 NAME 'olcDbPageSize' "
@@ -108,16 +116,19 @@ static ConfigTable bdbcfg[] = {
 #endif
 		"( OLcfgDbAt:1.5 NAME 'olcDbDirtyRead' "
 		"DESC 'Allow reads of uncommitted data' "
+		"EQUALITY booleanMatch "
 		"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "dncachesize", "size", 2, 2, 0, ARG_ULONG|ARG_OFFSET,
 		(void *)offsetof(struct bdb_info, bi_cache.c_eimax),
 		"( OLcfgDbAt:1.12 NAME 'olcDbDNcacheSize' "
 			"DESC 'DN cache size' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "idlcachesize", "size", 2, 2, 0, ARG_ULONG|ARG_OFFSET,
 		(void *)offsetof(struct bdb_info, bi_idl_cache_max_size),
 		"( OLcfgDbAt:1.6 NAME 'olcDbIDLcacheSize' "
 		"DESC 'IDL cache size in IDLs' "
+		"EQUALITY integerMatch "
 		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "index", "attr> <[pres,eq,approx,sub]", 2, 3, 0, ARG_MAGIC|BDB_INDEX,
 		bdb_cf_gen, "( OLcfgDbAt:0.2 NAME 'olcDbIndex' "
@@ -128,23 +139,28 @@ static ConfigTable bdbcfg[] = {
 		(void *)offsetof(struct bdb_info, bi_linear_index), 
 		"( OLcfgDbAt:1.7 NAME 'olcDbLinearIndex' "
 		"DESC 'Index attributes one at a time' "
+		"EQUALITY booleanMatch "
 		"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "lockdetect", "policy", 2, 2, 0, ARG_MAGIC|BDB_LOCKD,
 		bdb_cf_gen, "( OLcfgDbAt:1.8 NAME 'olcDbLockDetect' "
 		"DESC 'Deadlock detection algorithm' "
+		"EQUALITY caseIgnoreMatch "
 		"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "mode", "mode", 2, 2, 0, ARG_MAGIC|BDB_MODE,
 		bdb_cf_gen, "( OLcfgDbAt:0.3 NAME 'olcDbMode' "
 		"DESC 'Unix permissions of database files' "
+		"EQUALITY caseIgnoreMatch "
 		"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "searchstack", "depth", 2, 2, 0, ARG_INT|ARG_MAGIC|BDB_SSTACK,
 		bdb_cf_gen, "( OLcfgDbAt:1.9 NAME 'olcDbSearchStack' "
 		"DESC 'Depth of search stack in IDLs' "
+		"EQUALITY integerMatch "
 		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "shm_key", "key", 2, 2, 0, ARG_LONG|ARG_OFFSET,
 		(void *)offsetof(struct bdb_info, bi_shm_key), 
 		"( OLcfgDbAt:1.10 NAME 'olcDbShmKey' "
 		"DESC 'Key for shared memory region' "
+		"EQUALITY integerMatch "
 		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED,
 		NULL, NULL, NULL, NULL }
diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index 84893ac56f..c97ab9ae9f 100644
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -87,6 +87,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:0.14 "
 			"NAME 'olcDbURI' "
 			"DESC 'URI (list) for remote DSA' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -95,6 +96,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.1 "
 			"NAME 'olcDbStartTLS' "
 			"DESC 'StartTLS' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -103,6 +105,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.2 "
 			"NAME 'olcDbACLAuthcDn' "
 			"DESC 'Remote ACL administrative identity' "
+			"EQUALITY distinguishedNameMatch "
 			"OBSOLETE "
 			"SYNTAX OMsDN "
 			"SINGLE-VALUE )",
@@ -133,6 +136,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.4 "
 			"NAME 'olcDbACLBind' "
 			"DESC 'Remote ACL administrative identity auth bind configuration' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -141,6 +145,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.5 "
 			"NAME 'olcDbIDAssertAuthcDn' "
 			"DESC 'Remote Identity Assertion administrative identity' "
+			"EQUALITY distinguishedNameMatch "
 			"OBSOLETE "
 			"SYNTAX OMsDN "
 			"SINGLE-VALUE )",
@@ -167,6 +172,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.7 "
 			"NAME 'olcDbIDAssertBind' "
 			"DESC 'Remote Identity Assertion administrative identity auth bind configuration' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -196,6 +202,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.10 "
 			"NAME 'olcDbRebindAsUser' "
 			"DESC 'Rebind as user' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -204,6 +211,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.11 "
 			"NAME 'olcDbChaseReferrals' "
 			"DESC 'Chase referrals' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -212,6 +220,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.12 "
 			"NAME 'olcDbTFSupport' "
 			"DESC 'Absolute filters support' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -220,6 +229,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.13 "
 			"NAME 'olcDbProxyWhoAmI' "
 			"DESC 'Proxy whoAmI exop' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -228,6 +238,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.14 "
 			"NAME 'olcDbTimeout' "
 			"DESC 'Per-operation timeouts' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -236,6 +247,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.15 "
 			"NAME 'olcDbIdleTimeout' "
 			"DESC 'connection idle timeout' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -244,6 +256,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.16 "
 			"NAME 'olcDbConnTtl' "
 			"DESC 'connection ttl' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -252,6 +265,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.17 "
 			"NAME 'olcDbNetworkTimeout' "
 			"DESC 'connection network timeout' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -260,6 +274,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.18 "
 			"NAME 'olcDbProtocolVersion' "
 			"DESC 'protocol version' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -268,6 +283,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.19 "
 			"NAME 'olcDbSingleConn' "
 			"DESC 'cache a single connection per identity' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -276,6 +292,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.20 "
 			"NAME 'olcDbCancel' "
 			"DESC 'abandon/ignore/exop operations when appropriate' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -284,6 +301,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.21 "
 			"NAME 'olcDbQuarantine' "
 			"DESC 'Quarantine database if connection fails and retry according to rule' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -292,6 +310,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.22 "
 			"NAME 'olcDbUseTemporaryConn' "
 			"DESC 'Use temporary connections if the cached one is busy' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -300,6 +319,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.23 "
 			"NAME 'olcDbConnectionPoolMax' "
 			"DESC 'Max size of privileged connections pool' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -309,6 +329,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.24 "
 			"NAME 'olcDbSessionTrackingRequest' "
 			"DESC 'Add session tracking control to proxied requests' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -318,6 +339,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.25 "
 			"NAME 'olcDbNoRefs' "
 			"DESC 'Do not return search reference responses' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -326,6 +348,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.26 "
 			"NAME 'olcDbNoUndefFilter' "
 			"DESC 'Do not propagate undefined search filters' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -334,6 +357,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.108 "
 			"NAME 'olcDbOnErr' "
 			"DESC 'error handling' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -361,6 +385,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.28 "
 			"NAME 'olcDbRemoveUnknownSchema' "
 			"DESC 'Omit unknown schema when returning search results' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -369,6 +394,7 @@ static ConfigTable ldapcfg[] = {
 		ldap_back_cf_gen, "( OLcfgDbAt:3.29 "
 			"NAME 'olcDbKeepalive' "
 			"DESC 'TCP keepalive' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -1346,8 +1372,7 @@ ldap_back_cf_gen( ConfigArgs *c )
 				return 1;
 			}
 
-			snprintf( buf, sizeof( buf ), "%ld",
-				(long)li->li_network_timeout );
+			lutil_unparse_time( buf, sizeof( buf ), li->li_network_timeout );
 			ber_str2bv( buf, 0, 0, &bv );
 			value_add_one( &c->rvalue_vals, &bv );
 			} break;
diff --git a/servers/slapd/back-mdb/config.c b/servers/slapd/back-mdb/config.c
index db6b0f5a93..ce77e9d624 100644
--- a/servers/slapd/back-mdb/config.c
+++ b/servers/slapd/back-mdb/config.c
@@ -47,15 +47,17 @@ static ConfigTable mdbcfg[] = {
 	{ "directory", "dir", 2, 2, 0, ARG_STRING|ARG_MAGIC|MDB_DIRECTORY,
 		mdb_cf_gen, "( OLcfgDbAt:0.1 NAME 'olcDbDirectory' "
 			"DESC 'Directory for database content' "
-			"EQUALITY caseIgnoreMatch "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "checkpoint", "kbyte> <min", 3, 3, 0, ARG_MAGIC|MDB_CHKPT,
 		mdb_cf_gen, "( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' "
 			"DESC 'Database checkpoint interval in kbytes and minutes' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )",NULL, NULL },
 	{ "dbnosync", NULL, 1, 2, 0, ARG_ON_OFF|ARG_MAGIC|MDB_DBNOSYNC,
 		mdb_cf_gen, "( OLcfgDbAt:1.4 NAME 'olcDbNoSync' "
 			"DESC 'Disable synchronous database writes' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "envflags", "flags", 2, 0, 0, ARG_MAGIC|MDB_ENVFLAGS,
 		mdb_cf_gen, "( OLcfgDbAt:12.3 NAME 'olcDbEnvFlags' "
@@ -71,32 +73,39 @@ static ConfigTable mdbcfg[] = {
 		(void *)offsetof(struct mdb_info, mi_maxentrysize),
 		"( OLcfgDbAt:12.4 NAME 'olcDbMaxEntrySize' "
 		"DESC 'Maximum size of an entry in bytes' "
+		"EQUALITY integerMatch "
 		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "maxreaders", "num", 2, 2, 0, ARG_UINT|ARG_MAGIC|MDB_MAXREADERS,
 		mdb_cf_gen, "( OLcfgDbAt:12.1 NAME 'olcDbMaxReaders' "
 		"DESC 'Maximum number of threads that may access the DB concurrently' "
+		"EQUALITY integerMatch "
 		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "maxsize", "size", 2, 2, 0, ARG_ULONG|ARG_MAGIC|MDB_MAXSIZE,
 		mdb_cf_gen, "( OLcfgDbAt:12.2 NAME 'olcDbMaxSize' "
 		"DESC 'Maximum size of DB in bytes' "
+		"EQUALITY integerMatch "
 		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "mode", "mode", 2, 2, 0, ARG_MAGIC|MDB_MODE,
 		mdb_cf_gen, "( OLcfgDbAt:0.3 NAME 'olcDbMode' "
 		"DESC 'Unix permissions of database files' "
+		"EQUALITY caseIgnoreMatch "
 		"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "multival", "attr> <hi,lo", 3, 3, 0, ARG_MAGIC|MDB_MULTIVAL,
 		mdb_cf_gen,
 		"( OLcfgDbAt:12.6 NAME 'olcDbMultival' "
 		"DESC 'Hi/Lo thresholds for splitting multivalued attr out of main blob' "
+		"EQUALITY caseIgnoreMatch "
 		"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "rtxnsize", "entries", 2, 2, 0, ARG_UINT|ARG_OFFSET,
 		(void *)offsetof(struct mdb_info, mi_rtxn_size),
 		"( OLcfgDbAt:12.5 NAME 'olcDbRtxnSize' "
 		"DESC 'Number of entries to process in one read transaction' "
+		"EQUALITY integerMatch "
 		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "searchstack", "depth", 2, 2, 0, ARG_INT|ARG_MAGIC|MDB_SSTACK,
 		mdb_cf_gen, "( OLcfgDbAt:1.9 NAME 'olcDbSearchStack' "
 		"DESC 'Depth of search stack in IDLs' "
+		"EQUALITY integerMatch "
 		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED,
 		NULL, NULL, NULL, NULL }
diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
index 048a915b8d..dccc5e218f 100644
--- a/servers/slapd/back-meta/config.c
+++ b/servers/slapd/back-meta/config.c
@@ -114,6 +114,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:0.14 "
 			"NAME 'olcDbURI' "
 			"DESC 'URI (list) for remote DSA' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -122,6 +123,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.1 "
 			"NAME 'olcDbStartTLS' "
 			"DESC 'StartTLS' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -130,6 +132,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.2 "
 			"NAME 'olcDbACLAuthcDn' "
 			"DESC 'Remote ACL administrative identity' "
+			"EQUALITY distinguishedNameMatch "
 			"OBSOLETE "
 			"SYNTAX OMsDN "
 			"SINGLE-VALUE )",
@@ -156,6 +159,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.7 "
 			"NAME 'olcDbIDAssertBind' "
 			"DESC 'Remote Identity Assertion administrative identity auth bind configuration' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -173,6 +177,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.10 "
 			"NAME 'olcDbRebindAsUser' "
 			"DESC 'Rebind as user' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -181,6 +186,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.11 "
 			"NAME 'olcDbChaseReferrals' "
 			"DESC 'Chase referrals' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -189,6 +195,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.12 "
 			"NAME 'olcDbTFSupport' "
 			"DESC 'Absolute filters support' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -197,6 +204,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.14 "
 			"NAME 'olcDbTimeout' "
 			"DESC 'Per-operation timeouts' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -205,6 +213,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.15 "
 			"NAME 'olcDbIdleTimeout' "
 			"DESC 'connection idle timeout' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -213,6 +222,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.16 "
 			"NAME 'olcDbConnTtl' "
 			"DESC 'connection ttl' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -229,6 +239,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.18 "
 			"NAME 'olcDbProtocolVersion' "
 			"DESC 'protocol version' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -237,6 +248,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.19 "
 			"NAME 'olcDbSingleConn' "
 			"DESC 'cache a single connection per identity' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -245,6 +257,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.20 "
 			"NAME 'olcDbCancel' "
 			"DESC 'abandon/ignore/exop operations when appropriate' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -253,6 +266,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.21 "
 			"NAME 'olcDbQuarantine' "
 			"DESC 'Quarantine database if connection fails and retry according to rule' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -261,6 +275,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.22 "
 			"NAME 'olcDbUseTemporaryConn' "
 			"DESC 'Use temporary connections if the cached one is busy' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -269,6 +284,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.23 "
 			"NAME 'olcDbConnectionPoolMax' "
 			"DESC 'Max size of privileged connections pool' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -278,6 +294,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.24 "
 			"NAME 'olcDbSessionTrackingRequest' "
 			"DESC 'Add session tracking control to proxied requests' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -287,6 +304,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.25 "
 			"NAME 'olcDbNoRefs' "
 			"DESC 'Do not return search reference responses' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -295,6 +313,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.26 "
 			"NAME 'olcDbNoUndefFilter' "
 			"DESC 'Do not propagate undefined search filters' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -343,6 +362,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.105 "
 			"NAME 'olcDbDefaultTarget' "
 			"DESC 'Specify the default target' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -351,6 +371,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.106 "
 			"NAME 'olcDbDnCacheTtl' "
 			"DESC 'dncache ttl' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -359,7 +380,8 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.107 "
 			"NAME 'olcDbBindTimeout' "
 			"DESC 'bind timeout' "
-			"SYNTAX OMsDirectoryString "
+			"EQUALITY integerMatch "
+			"SYNTAX OMsInteger "
 			"SINGLE-VALUE )",
 		NULL, NULL },
 	{ "onerr", "CONTINUE|report|stop", 2, 2, 0,
@@ -367,6 +389,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.108 "
 			"NAME 'olcDbOnErr' "
 			"DESC 'error handling' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -375,6 +398,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.109 "
 			"NAME 'olcDbPseudoRootBindDefer' "
 			"DESC 'error handling' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -392,6 +416,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.110 "
 			"NAME 'olcDbNretries' "
 			"DESC 'retry handling' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -400,6 +425,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.111 "
 			"NAME 'olcDbClientPr' "
 			"DESC 'PagedResults handling' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -416,6 +442,7 @@ static ConfigTable metacfg[] = {
 		meta_back_cf_gen, "( OLcfgDbAt:3.29 "
 			"NAME 'olcDbKeepalive' "
 			"DESC 'TCP keepalive' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -1276,11 +1303,12 @@ meta_back_cf_gen( ConfigArgs *c )
 		case LDAP_BACK_CFG_NETWORK_TIMEOUT:
 			if ( mc->mc_network_timeout == 0 ) {
 				return 1;
+			} else {
+				char	buf[ SLAP_TEXT_BUFLEN ];
+				lutil_unparse_time( buf, sizeof( buf ), mc->mc_network_timeout );
+				ber_str2bv( buf, 0, 0, &bv );
+				value_add_one( &c->rvalue_vals, &bv );
 			}
-			bv.bv_len = snprintf( c->cr_msg, sizeof(c->cr_msg), "%ld",
-				mc->mc_network_timeout );
-			bv.bv_val = c->cr_msg;
-			value_add_one( &c->rvalue_vals, &bv );
 			break;
 
 		case LDAP_BACK_CFG_NOREFS:
diff --git a/servers/slapd/back-perl/config.c b/servers/slapd/back-perl/config.c
index 544e960981..080e10b44e 100644
--- a/servers/slapd/back-perl/config.c
+++ b/servers/slapd/back-perl/config.c
@@ -43,6 +43,7 @@ static ConfigTable perlcfg[] = {
 		(void *)offsetof(PerlBackend, pb_filter_search_results),
 		"( OLcfgDbAt:11.3 NAME 'olcPerlFilterSearchResults' "
 			"DESC 'Filter search results before returning to client' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "perlModuleConfig", "args", 2, 0, 0,
 		ARG_MAGIC|PERL_CONFIG, perl_cf, 
diff --git a/servers/slapd/back-sql/config.c b/servers/slapd/back-sql/config.c
index 7607adca58..09e251d156 100644
--- a/servers/slapd/back-sql/config.c
+++ b/servers/slapd/back-sql/config.c
@@ -68,155 +68,186 @@ static ConfigTable sqlcfg[] = {
 		(void *)offsetof(struct backsql_info, sql_dbhost),
 		"( OLcfgDbAt:6.1 NAME 'olcDbHost' "
 			"DESC 'Hostname of SQL server' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "dbname", "name", 2, 2, 0, ARG_STRING|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_dbname),
 		"( OLcfgDbAt:6.2 NAME 'olcDbName' "
 			"DESC 'Name of SQL database' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "dbuser", "username", 2, 2, 0, ARG_STRING|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_dbuser),
 		"( OLcfgDbAt:6.3 NAME 'olcDbUser' "
 			"DESC 'Username for SQL session' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "dbpasswd", "password", 2, 2, 0, ARG_STRING|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_dbpasswd),
 		"( OLcfgDbAt:6.4 NAME 'olcDbPass' "
 			"DESC 'Password for SQL session' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "concat_pattern", "pattern", 2, 2, 0,
 		ARG_STRING|ARG_MAGIC|BSQL_CONCAT_PATT, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.20 NAME 'olcSqlConcatPattern' "
 			"DESC 'Pattern used to concatenate strings' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "subtree_cond", "SQL expression", 2, 0, 0, ARG_BERVAL|ARG_QUOTE|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_subtree_cond),
 		"( OLcfgDbAt:6.21 NAME 'olcSqlSubtreeCond' "
 			"DESC 'Where-clause template for a subtree search condition' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "children_cond", "SQL expression", 2, 0, 0, ARG_BERVAL|ARG_QUOTE|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_children_cond),
 		"( OLcfgDbAt:6.22 NAME 'olcSqlChildrenCond' "
 			"DESC 'Where-clause template for a children search condition' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "dn_match_cond", "SQL expression", 2, 0, 0, ARG_BERVAL|ARG_QUOTE|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_dn_match_cond),
 		"( OLcfgDbAt:6.23 NAME 'olcSqlDnMatchCond' "
 			"DESC 'Where-clause template for a DN match search condition' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "oc_query", "SQL expression", 2, 0, 0, ARG_STRING|ARG_QUOTE|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_oc_query),
 		"( OLcfgDbAt:6.24 NAME 'olcSqlOcQuery' "
 			"DESC 'Query used to collect objectClass mapping data' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "at_query", "SQL expression", 2, 0, 0, ARG_STRING|ARG_QUOTE|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_at_query),
 		"( OLcfgDbAt:6.25 NAME 'olcSqlAtQuery' "
 			"DESC 'Query used to collect attributeType mapping data' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "insentry_stmt", "SQL expression", 2, 0, 0, ARG_STRING|ARG_QUOTE|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_insentry_stmt),
 		"( OLcfgDbAt:6.26 NAME 'olcSqlInsEntryStmt' "
 			"DESC 'Statement used to insert a new entry' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "create_needs_select", "yes|no", 2, 2, 0,
 		ARG_ON_OFF|ARG_MAGIC|BSQL_CREATE_NEEDS_SEL, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.27 NAME 'olcSqlCreateNeedsSelect' "
 			"DESC 'Whether entry creation needs a subsequent select' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "upper_func", "SQL function name", 2, 2, 0, ARG_BERVAL|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_upper_func),
 		"( OLcfgDbAt:6.28 NAME 'olcSqlUpperFunc' "
 			"DESC 'Function that converts a value to uppercase' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "upper_needs_cast", "yes|no", 2, 2, 0,
 		ARG_ON_OFF|ARG_MAGIC|BSQL_UPPER_NEEDS_CAST, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.29 NAME 'olcSqlUpperNeedsCast' "
 			"DESC 'Whether olcSqlUpperFunc needs an explicit cast' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "strcast_func", "SQL function name", 2, 2, 0, ARG_BERVAL|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_strcast_func),
 		"( OLcfgDbAt:6.30 NAME 'olcSqlStrcastFunc' "
 			"DESC 'Function that converts a value to a string' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "delentry_stmt", "SQL expression", 2, 0, 0, ARG_STRING|ARG_QUOTE|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_delentry_stmt),
 		"( OLcfgDbAt:6.31 NAME 'olcSqlDelEntryStmt' "
 			"DESC 'Statement used to delete an existing entry' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "renentry_stmt", "SQL expression", 2, 0, 0, ARG_STRING|ARG_QUOTE|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_renentry_stmt),
 		"( OLcfgDbAt:6.32 NAME 'olcSqlRenEntryStmt' "
 			"DESC 'Statement used to rename an entry' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "delobjclasses_stmt", "SQL expression", 2, 0, 0, ARG_STRING|ARG_QUOTE|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_delobjclasses_stmt),
 		"( OLcfgDbAt:6.33 NAME 'olcSqlDelObjclassesStmt' "
 			"DESC 'Statement used to delete the ID of an entry' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "has_ldapinfo_dn_ru", "yes|no", 2, 2, 0,
 		ARG_ON_OFF|ARG_MAGIC|BSQL_HAS_LDAPINFO_DN_RU, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.34 NAME 'olcSqlHasLDAPinfoDnRu' "
 			"DESC 'Whether the dn_ru column is present' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "fail_if_no_mapping", "yes|no", 2, 2, 0,
 		ARG_ON_OFF|ARG_MAGIC|BSQL_FAIL_IF_NO_MAPPING, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.35 NAME 'olcSqlFailIfNoMapping' "
 			"DESC 'Whether to fail on unknown attribute mappings' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "allow_orphans", "yes|no", 2, 2, 0,
 		ARG_ON_OFF|ARG_MAGIC|BSQL_ALLOW_ORPHANS, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.36 NAME 'olcSqlAllowOrphans' "
 			"DESC 'Whether to allow adding entries with no parent' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "baseobject", "[file]", 1, 2, 0,
 		ARG_STRING|ARG_MAGIC|BSQL_BASE_OBJECT, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.37 NAME 'olcSqlBaseObject' "
 			"DESC 'Manage an in-memory baseObject entry' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "sqllayer", "name", 2, 0, 0,
 		ARG_MAGIC|BSQL_LAYER, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.38 NAME 'olcSqlLayer' "
 			"DESC 'Helper used to map DNs between LDAP and SQL' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "use_subtree_shortcut", "yes|no", 2, 2, 0,
 		ARG_ON_OFF|ARG_MAGIC|BSQL_SUBTREE_SHORTCUT, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.39 NAME 'olcSqlUseSubtreeShortcut' "
 			"DESC 'Collect all entries when searchBase is DB suffix' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "fetch_all_attrs", "yes|no", 2, 2, 0,
 		ARG_ON_OFF|ARG_MAGIC|BSQL_FETCH_ALL_ATTRS, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.40 NAME 'olcSqlFetchAllAttrs' "
 			"DESC 'Require all attributes to always be loaded' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "fetch_attrs", "attrlist", 2, 0, 0,
 		ARG_MAGIC|BSQL_FETCH_ATTRS, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.41 NAME 'olcSqlFetchAttrs' "
 			"DESC 'Set of attributes to always fetch' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "check_schema", "yes|no", 2, 2, 0,
 		ARG_ON_OFF|ARG_MAGIC|BSQL_CHECK_SCHEMA, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.42 NAME 'olcSqlCheckSchema' "
 			"DESC 'Check schema after modifications' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "aliasing_keyword", "string", 2, 2, 0,
 		ARG_STRING|ARG_MAGIC|BSQL_ALIASING_KEYWORD, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.43 NAME 'olcSqlAliasingKeyword' "
 			"DESC 'The aliasing keyword' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "aliasing_quote", "string", 2, 2, 0, ARG_BERVAL|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_aliasing_quote),
 		"( OLcfgDbAt:6.44 NAME 'olcSqlAliasingQuote' "
 			"DESC 'Quoting char of the aliasing keyword' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "autocommit", "yes|no", 2, 2, 0,
 		ARG_ON_OFF|ARG_MAGIC|BSQL_AUTOCOMMIT, (void *)sql_cf_gen,
 		"( OLcfgDbAt:6.45 NAME 'olcSqlAutocommit' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "id_query", "SQL expression", 2, 0, 0, ARG_STRING|ARG_QUOTE|ARG_OFFSET,
 		(void *)offsetof(struct backsql_info, sql_id_query),
 		"( OLcfgDbAt:6.46 NAME 'olcSqlIdQuery' "
 			"DESC 'Query used to collect entryID mapping data' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED,
 		NULL, NULL, NULL, NULL }
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index 277703d18b..8b3d3757d3 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -293,12 +293,12 @@ static ConfigTable config_back_cf_table[] = {
 	{ "", "", 0, 0, 0, ARG_MAGIC,
 		&config_fname, "( OLcfgGlAt:78 NAME 'olcConfigFile' "
 			"DESC 'File for slapd configuration directives' "
-			"EQUALITY caseIgnoreMatch "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "", "", 0, 0, 0, ARG_MAGIC,
 		&config_cfdir, "( OLcfgGlAt:79 NAME 'olcConfigDir' "
 			"DESC 'Directory for slapd configuration backend' "
-			"EQUALITY caseIgnoreMatch "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "access",	NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|CFG_ACL,
 		&config_generic, "( OLcfgGlAt:1 NAME 'olcAccess' "
@@ -308,6 +308,7 @@ static ConfigTable config_back_cf_table[] = {
 	{ "add_content_acl",	NULL, 0, 0, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_ACL_ADD,
 		&config_generic, "( OLcfgGlAt:86 NAME 'olcAddContentAcl' "
 			"DESC 'Check ACLs against content of Add ops' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "allows",	"features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
 		&config_allows, "( OLcfgGlAt:2 NAME 'olcAllows' "
@@ -317,7 +318,7 @@ static ConfigTable config_back_cf_table[] = {
 	{ "argsfile", "file", 2, 2, 0, ARG_STRING,
 		&slapd_args_file, "( OLcfgGlAt:3 NAME 'olcArgsFile' "
 			"DESC 'File for slapd command line options' "
-			"EQUALITY caseIgnoreMatch "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "attributeoptions", NULL, 0, 0, 0, ARG_MAGIC|CFG_ATOPT,
 		&config_generic, "( OLcfgGlAt:5 NAME 'olcAttributeOptions' "
@@ -356,12 +357,15 @@ static ConfigTable config_back_cf_table[] = {
 				NULL, NULL },
 	{ "concurrency", "level", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_CONCUR,
 		&config_generic, "( OLcfgGlAt:10 NAME 'olcConcurrency' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "conn_max_pending", "max", 2, 2, 0, ARG_INT,
 		&slap_conn_max_pending, "( OLcfgGlAt:11 NAME 'olcConnMaxPending' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "conn_max_pending_auth", "max", 2, 2, 0, ARG_INT,
 		&slap_conn_max_pending_auth, "( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
 		&config_generic, "( OLcfgGlAt:13 NAME 'olcDatabase' "
@@ -369,9 +373,11 @@ static ConfigTable config_back_cf_table[] = {
 			"SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
 	{ "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
 		&config_search_base, "( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' "
+			"EQUALITY distinguishedNameMatch "
 			"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
 	{ "disabled", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_DISABLED,
 		&config_generic, "( OLcfgDbAt:0.21 NAME 'olcDisabled' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
 		&config_disallows, "( OLcfgGlAt:15 NAME 'olcDisallows' "
@@ -395,36 +401,46 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:17 NAME 'olcGentleHUP' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "hidden", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_HIDDEN,
 		&config_generic, "( OLcfgDbAt:0.17 NAME 'olcHidden' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "idletimeout", "timeout", 2, 2, 0, ARG_INT,
 		&global_idletimeout, "( OLcfgGlAt:18 NAME 'olcIdleTimeout' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "include", "file", 2, 2, 0, ARG_MAGIC,
 		&config_include, "( OLcfgGlAt:19 NAME 'olcInclude' "
 			"SUP labeledURI )", NULL, NULL },
 	{ "index_hash64", "on|off", 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|CFG_IX_HASH64,
 		&config_generic, "( OLcfgGlAt:94 NAME 'olcIndexHash64' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "index_substr_if_minlen", "min", 2, 2, 0, ARG_UINT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN,
 		&config_generic, "( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "index_substr_if_maxlen", "max", 2, 2, 0, ARG_UINT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MAX,
 		&config_generic, "( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "index_substr_any_len", "len", 2, 2, 0, ARG_UINT|ARG_NONZERO,
 		&index_substr_any_len, "( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "index_substr_any_step", "step", 2, 2, 0, ARG_UINT|ARG_NONZERO,
 		&index_substr_any_step, "( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "index_intlen", "len", 2, 2, 0, ARG_UINT|ARG_MAGIC|CFG_IX_INTLEN,
 		&config_generic, "( OLcfgGlAt:84 NAME 'olcIndexIntLen' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
 		&config_generic, "( OLcfgDbAt:0.4 NAME 'olcLastMod' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "ldapsyntax",	"syntax", 2, 0, 0,
 		ARG_PAREN|ARG_MAGIC|CFG_SYNTAX,
@@ -445,12 +461,15 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_UINT|ARG_MAGIC|CFG_LTHREADS, &config_generic,
 #endif
 		"( OLcfgGlAt:93 NAME 'olcListenerThreads' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "localSSF", "ssf", 2, 2, 0, ARG_INT,
 		&local_ssf, "( OLcfgGlAt:26 NAME 'olcLocalSSF' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "logfile", "file", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_LOGFILE,
 		&config_generic, "( OLcfgGlAt:27 NAME 'olcLogFile' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "loglevel", "level", 2, 0, 0, ARG_MAGIC,
 		&config_loglevel, "( OLcfgGlAt:28 NAME 'olcLogLevel' "
@@ -458,9 +477,11 @@ static ConfigTable config_back_cf_table[] = {
 			"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
 		&config_generic, "( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "mirrormode", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_MIRRORMODE,
 		&config_generic, "( OLcfgDbAt:0.16 NAME 'olcMirrorMode' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "moduleload",	"file", 2, 0, 0,
 #ifdef SLAPD_MODULES
@@ -478,10 +499,12 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:31 NAME 'olcModulePath' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "monitoring", "TRUE|FALSE", 2, 2, 0,
 		ARG_MAGIC|CFG_MONITORING|ARG_DB|ARG_ON_OFF, &config_generic,
 		"( OLcfgDbAt:0.18 NAME 'olcMonitoring' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "objectclass", "objectclass", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_OC,
 		&config_generic, "( OLcfgGlAt:32 NAME 'olcObjectClasses' "
@@ -500,6 +523,7 @@ static ConfigTable config_back_cf_table[] = {
 			"SUP olcDatabase SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
 	{ "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
 		&config_generic, "( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "password-hash", "hash", 2, 0, 0, ARG_MAGIC,
 		&config_passwd_hash, "( OLcfgGlAt:36 NAME 'olcPasswordHash' "
@@ -507,6 +531,7 @@ static ConfigTable config_back_cf_table[] = {
 			"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "pidfile", "file", 2, 2, 0, ARG_STRING,
 		&slapd_pid_file, "( OLcfgGlAt:37 NAME 'olcPidFile' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "plugin", NULL, 0, 0, 0,
 #ifdef LDAP_SLAPI
@@ -524,9 +549,11 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:39 NAME 'olcPluginLogFile' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "readonly", "on|off", 2, 2, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_RO,
 		&config_generic, "( OLcfgGlAt:40 NAME 'olcReadOnly' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "referral", "url", 2, 2, 0, ARG_MAGIC,
 		&config_referral, "( OLcfgGlAt:41 NAME 'olcReferral' "
@@ -562,6 +589,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:49 NAME 'olcReverseLookup' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "rootdn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
 		&config_rootdn, "( OLcfgDbAt:0.8 NAME 'olcRootDN' "
@@ -573,6 +601,7 @@ static ConfigTable config_back_cf_table[] = {
 			"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "rootpw", "password", 2, 2, 0, ARG_BERVAL|ARG_DB|ARG_MAGIC,
 		&config_rootpw, "( OLcfgDbAt:0.9 NAME 'olcRootPW' "
+			"EQUALITY octetStringMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
 		&config_generic, NULL, NULL, NULL },
@@ -583,6 +612,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:89 NAME 'olcSaslAuxprops' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "sasl-auxprops-dontusecopy", NULL, 2, 0, 0,
 #if defined(HAVE_CYRUS_SASL) && defined(SLAP_AUXPROP_DONTUSECOPY)
@@ -609,6 +639,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:53 NAME 'olcSaslHost' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "sasl-realm", "realm", 2, 2, 0,
 #ifdef HAVE_CYRUS_SASL
@@ -617,6 +648,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:54 NAME 'olcSaslRealm' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "sasl-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
 		&config_generic, NULL, NULL, NULL },
@@ -627,6 +659,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:56 NAME 'olcSaslSecProps' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "saslRegexp",	NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
 		&config_generic, NULL, NULL, NULL },
@@ -644,12 +677,15 @@ static ConfigTable config_back_cf_table[] = {
 			"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "sizelimit", "limit",	2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
 		&config_sizelimit, "( OLcfgGlAt:60 NAME 'olcSizeLimit' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "sockbuf_max_incoming", "max", 2, 2, 0, ARG_BER_LEN_T,
 		&sockbuf_max_incoming, "( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_BER_LEN_T,
 		&sockbuf_max_incoming_auth, "( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "sortvals", "attr", 2, 0, 0, ARG_MAGIC|CFG_SORTVALS,
 		&config_generic, "( OLcfgGlAt:83 NAME 'olcSortVals' "
@@ -658,6 +694,7 @@ static ConfigTable config_back_cf_table[] = {
 			"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "subordinate", "[advertise]", 1, 2, 0, ARG_DB|ARG_MAGIC,
 		&config_subordinate, "( OLcfgDbAt:0.15 NAME 'olcSubordinate' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "suffix",	"suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
 		&config_suffix, "( OLcfgDbAt:0.10 NAME 'olcSuffix' "
@@ -666,6 +703,7 @@ static ConfigTable config_back_cf_table[] = {
 	{ "sync_use_subentry", NULL, 0, 0, 0, ARG_ON_OFF|ARG_DB|ARG_MAGIC|CFG_SYNC_SUBENTRY,
 		&config_generic, "( OLcfgDbAt:0.19 NAME 'olcSyncUseSubentry' "
 			"DESC 'Store sync context in a subentry' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
 		&syncrepl_config, "( OLcfgDbAt:0.11 NAME 'olcSyncrepl' "
@@ -678,6 +716,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_MAGIC, &config_tcp_buffer,
 #endif /* LDAP_TCP_BUFFER */
 			"( OLcfgGlAt:90 NAME 'olcTCPBuffer' "
+			"EQUALITY caseExactMatch "
 			"DESC 'Custom TCP buffer size' "
 			"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "threads", "count", 2, 2, 0,
@@ -687,6 +726,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_INT|ARG_MAGIC|CFG_THREADS, &config_generic,
 #endif
 		"( OLcfgGlAt:66 NAME 'olcThreads' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "threadqueues", "count", 2, 2, 0,
 #ifdef NO_THREADS
@@ -695,9 +735,11 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_INT|ARG_MAGIC|CFG_THREADQS, &config_generic,
 #endif
 		"( OLcfgGlAt:95 NAME 'olcThreadQueues' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
 		&config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSCACertificate", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -707,6 +749,7 @@ static ConfigTable config_back_cf_table[] = {
 #endif
 		"( OLcfgGlAt:97 NAME 'olcTLSCACertificate' "
 			"DESC 'X.509 certificate, must use ;binary' "
+			"EQUALITY certificateExactMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 SINGLE-VALUE )", NULL, NULL },
 	{ "TLSCACertificateFile", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -715,6 +758,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSCACertificatePath", NULL,	2, 2, 0,
 #ifdef HAVE_TLS
@@ -723,6 +767,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSCertificate", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -732,6 +777,7 @@ static ConfigTable config_back_cf_table[] = {
 #endif
 		"( OLcfgGlAt:98 NAME 'olcTLSCertificate' "
 			"DESC 'X.509 certificate, must use ;binary' "
+			"EQUALITY certificateExactMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 SINGLE-VALUE )", NULL, NULL },
 	{ "TLSCertificateFile", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -740,6 +786,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSCertificateKey", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -749,6 +796,7 @@ static ConfigTable config_back_cf_table[] = {
 #endif
 		"( OLcfgGlAt:99 NAME 'olcTLSCertificateKey' "
 			"DESC 'X.509 privateKey, must use ;binary' "
+			"EQUALITY octetStringMatch "
 			"SYNTAX 1.3.6.1.4.1.4203.666.2.13 SINGLE-VALUE )", NULL, NULL },
 	{ "TLSCertificateKeyFile", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -757,6 +805,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSCipherSuite",	NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -765,6 +814,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSCRLCheck", NULL, 2, 2, 0,
 #if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
@@ -773,6 +823,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSCRLFile", NULL, 2, 2, 0,
 #if defined(HAVE_GNUTLS)
@@ -781,6 +832,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:82 NAME 'olcTLSCRLFile' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSRandFile", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -789,6 +841,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:74 NAME 'olcTLSRandFile' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSVerifyClient", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -797,6 +850,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSDHParamFile", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -805,6 +859,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSECName", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -813,6 +868,7 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:96 NAME 'olcTLSECName' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "TLSProtocolMin",	NULL, 2, 2, 0,
 #ifdef HAVE_TLS
@@ -821,14 +877,17 @@ static ConfigTable config_back_cf_table[] = {
 		ARG_IGNORED, NULL,
 #endif
 		"( OLcfgGlAt:87 NAME 'olcTLSProtocolMin' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "tool-threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_TTHREADS,
 		&config_generic, "( OLcfgGlAt:80 NAME 'olcToolThreads' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
 		NULL, NULL, NULL, NULL },
 	{ "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
 		&config_updatedn, "( OLcfgDbAt:0.12 NAME 'olcUpdateDN' "
+			"EQUALITY distinguishedNameMatch "
 			"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
 	{ "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
 		&config_updateref, "( OLcfgDbAt:0.13 NAME 'olcUpdateRef' "
@@ -836,6 +895,7 @@ static ConfigTable config_back_cf_table[] = {
 			"SUP labeledURI )", NULL, NULL },
 	{ "writetimeout", "timeout", 2, 2, 0, ARG_INT,
 		&global_writetimeout, "( OLcfgGlAt:88 NAME 'olcWriteTimeout' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ NULL,	NULL, 0, 0, 0, ARG_IGNORED,
 		NULL, NULL, NULL, NULL }
diff --git a/servers/slapd/overlays/accesslog.c b/servers/slapd/overlays/accesslog.c
index 8c6c5893f0..031fedafdd 100644
--- a/servers/slapd/overlays/accesslog.c
+++ b/servers/slapd/overlays/accesslog.c
@@ -96,6 +96,7 @@ static ConfigTable log_cfats[] = {
 	{ "logdb", "suffix", 2, 2, 0, ARG_DN|ARG_MAGIC|LOG_DB,
 		log_cf_gen, "( OLcfgOvAt:4.1 NAME 'olcAccessLogDB' "
 			"DESC 'Suffix of database for log content' "
+			"EQUALITY distinguishedNameMatch "
 			"SUP distinguishedName SINGLE-VALUE )", NULL, NULL },
 	{ "logops", "op|writes|reads|session|all", 2, 0, 0,
 		ARG_MAGIC|LOG_OPS,
@@ -106,14 +107,17 @@ static ConfigTable log_cfats[] = {
 	{ "logpurge", "age> <interval", 3, 3, 0, ARG_MAGIC|LOG_PURGE,
 		log_cf_gen, "( OLcfgOvAt:4.3 NAME 'olcAccessLogPurge' "
 			"DESC 'Log cleanup parameters' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "logsuccess", NULL, 2, 2, 0, ARG_MAGIC|ARG_ON_OFF|LOG_SUCCESS,
 		log_cf_gen, "( OLcfgOvAt:4.4 NAME 'olcAccessLogSuccess' "
 			"DESC 'Log successful ops only' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "logold", "filter", 2, 2, 0, ARG_MAGIC|LOG_OLD,
 		log_cf_gen, "( OLcfgOvAt:4.5 NAME 'olcAccessLogOld' "
 			"DESC 'Log old values when modifying entries matching the filter' "
+			"EQUALITY caseExactMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "logoldattr", "attrs", 2, 0, 0, ARG_MAGIC|LOG_OLDATTR,
 		log_cf_gen, "( OLcfgOvAt:4.6 NAME 'olcAccessLogOldAttr' "
diff --git a/servers/slapd/overlays/auditlog.c b/servers/slapd/overlays/auditlog.c
index 3c87b618ee..b94f842ab9 100644
--- a/servers/slapd/overlays/auditlog.c
+++ b/servers/slapd/overlays/auditlog.c
@@ -43,6 +43,7 @@ static ConfigTable auditlogcfg[] = {
 	  (void *)offsetof(auditlog_data, ad_logfile),
 	  "( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' "
 	  "DESC 'Filename for auditlogging' "
+	  "EQUALITY caseExactMatch "
 	  "SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
diff --git a/servers/slapd/overlays/autoca.c b/servers/slapd/overlays/autoca.c
index 73a5747617..88cfd1e559 100644
--- a/servers/slapd/overlays/autoca.c
+++ b/servers/slapd/overlays/autoca.c
@@ -726,46 +726,55 @@ static ConfigTable autoca_cfg[] = {
 	  ARG_STRING|ARG_MAGIC|ACA_USRCLASS, autoca_cf,
 	  "( OLcfgOvAt:22.1 NAME 'olcACAuserClass' "
 	  "DESC 'ObjectClass of user entries' "
+	  "EQUALITY caseIgnoreMatch "
 	  "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "serverClass", "objectclass", 2, 2, 0,
 	  ARG_STRING|ARG_MAGIC|ACA_SRVCLASS, autoca_cf,
 	  "( OLcfgOvAt:22.2 NAME 'olcACAserverClass' "
 	  "DESC 'ObjectClass of server entries' "
+	  "EQUALITY caseIgnoreMatch "
 	  "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "userKeybits", "integer", 2, 2, 0,
 	  ARG_INT|ARG_MAGIC|ACA_USRKEYBITS, autoca_cf,
 	  "( OLcfgOvAt:22.3 NAME 'olcACAuserKeybits' "
 	  "DESC 'Size of PrivateKey for user entries' "
+	  "EQUALITY integerMatch "
 	  "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "serverKeybits", "integer", 2, 2, 0,
 	  ARG_INT|ARG_MAGIC|ACA_SRVKEYBITS, autoca_cf,
 	  "( OLcfgOvAt:22.4 NAME 'olcACAserverKeybits' "
 	  "DESC 'Size of PrivateKey for server entries' "
+	  "EQUALITY integerMatch "
 	  "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "caKeybits", "integer", 2, 2, 0,
 	  ARG_INT|ARG_MAGIC|ACA_CAKEYBITS, autoca_cf,
 	  "( OLcfgOvAt:22.5 NAME 'olcACAKeybits' "
 	  "DESC 'Size of PrivateKey for CA certificate' "
+	  "EQUALITY integerMatch "
 	  "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "userDays", "integer", 2, 2, 0,
 	  ARG_INT|ARG_MAGIC|ACA_USRDAYS, autoca_cf,
 	  "( OLcfgOvAt:22.6 NAME 'olcACAuserDays' "
 	  "DESC 'Lifetime of user certificates in days' "
+	  "EQUALITY integerMatch "
 	  "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "serverDays", "integer", 2, 2, 0,
 	  ARG_INT|ARG_MAGIC|ACA_SRVDAYS, autoca_cf,
 	  "( OLcfgOvAt:22.7 NAME 'olcACAserverDays' "
 	  "DESC 'Lifetime of server certificates in days' "
+	  "EQUALITY integerMatch "
 	  "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "caDays", "integer", 2, 2, 0,
 	  ARG_INT|ARG_MAGIC|ACA_CADAYS, autoca_cf,
 	  "( OLcfgOvAt:22.8 NAME 'olcACADays' "
 	  "DESC 'Lifetime of CA certificate in days' "
+	  "EQUALITY integerMatch "
 	  "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "localdn", "dn", 2, 2, 0,
 	  ARG_DN|ARG_MAGIC|ACA_LOCALDN, autoca_cf,
 	  "( OLcfgOvAt:22.9 NAME 'olcACAlocalDN' "
 	  "DESC 'DN of local server cert' "
+	  "EQUALITY distinguishedNameMatch "
 	  "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
diff --git a/servers/slapd/overlays/dds.c b/servers/slapd/overlays/dds.c
index 7bb5186c3c..729f571268 100644
--- a/servers/slapd/overlays/dds.c
+++ b/servers/slapd/overlays/dds.c
@@ -1241,24 +1241,28 @@ static ConfigTable dds_cfg[] = {
 		2, 2, 0, ARG_MAGIC|ARG_ON_OFF|DDS_STATE, dds_cfgen,
 		"( OLcfgOvAt:9.1 NAME 'olcDDSstate' "
 			"DESC 'RFC2589 Dynamic directory services state' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )", NULL, NULL },
 	{ "dds-max-ttl", "ttl",
 		2, 2, 0, ARG_MAGIC|DDS_MAXTTL, dds_cfgen,
 		"( OLcfgOvAt:9.2 NAME 'olcDDSmaxTtl' "
 			"DESC 'RFC2589 Dynamic directory services max TTL' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )", NULL, NULL },
 	{ "dds-min-ttl", "ttl",
 		2, 2, 0, ARG_MAGIC|DDS_MINTTL, dds_cfgen,
 		"( OLcfgOvAt:9.3 NAME 'olcDDSminTtl' "
 			"DESC 'RFC2589 Dynamic directory services min TTL' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )", NULL, NULL },
 	{ "dds-default-ttl", "ttl",
 		2, 2, 0, ARG_MAGIC|DDS_DEFAULTTTL, dds_cfgen,
 		"( OLcfgOvAt:9.4 NAME 'olcDDSdefaultTtl' "
 			"DESC 'RFC2589 Dynamic directory services default TTL' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )", NULL, NULL },
 	{ "dds-interval", "interval",
@@ -1266,6 +1270,7 @@ static ConfigTable dds_cfg[] = {
 		"( OLcfgOvAt:9.5 NAME 'olcDDSinterval' "
 			"DESC 'RFC2589 Dynamic directory services expiration "
 				"task run interval' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )", NULL, NULL },
 	{ "dds-tolerance", "ttl",
@@ -1273,12 +1278,14 @@ static ConfigTable dds_cfg[] = {
 		"( OLcfgOvAt:9.6 NAME 'olcDDStolerance' "
 			"DESC 'RFC2589 Dynamic directory services additional "
 				"TTL in expiration scheduling' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )", NULL, NULL },
 	{ "dds-max-dynamicObjects", "num",
 		2, 2, 0, ARG_MAGIC|ARG_INT|DDS_MAXDYNAMICOBJS, dds_cfgen,
 		"( OLcfgOvAt:9.7 NAME 'olcDDSmaxDynamicObjects' "
 			"DESC 'RFC2589 Dynamic directory services max number of dynamic objects' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger "
 			"SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
diff --git a/servers/slapd/overlays/dyngroup.c b/servers/slapd/overlays/dyngroup.c
index a6a6d861a6..902974c65e 100644
--- a/servers/slapd/overlays/dyngroup.c
+++ b/servers/slapd/overlays/dyngroup.c
@@ -124,6 +124,7 @@ static ConfigTable dgroupcfg[] = {
 	{ "attrpair", "member-attribute> <URL-attribute", 3, 3, 0,
 	  ARG_MAGIC, dgroup_cf,
 	  "( OLcfgOvAt:17.1 NAME 'olcDGAttrPair' "
+	  "EQUALITY caseIgnoreMatch "
 	  "DESC 'Member and MemberURL attribute pair' "
 	  "SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c
index 54c24682ab..b9a142b85f 100644
--- a/servers/slapd/overlays/memberof.c
+++ b/servers/slapd/overlays/memberof.c
@@ -1689,6 +1689,7 @@ static ConfigTable mo_cfg[] = {
 		2, 2, 0, ARG_MAGIC|ARG_DN|MO_DN, mo_cf_gen,
 		"( OLcfgOvAt:18.0 NAME 'olcMemberOfDN' "
 			"DESC 'DN to be used as modifiersName' "
+			"EQUALITY distinguishedNameMatch "
 			"SYNTAX OMsDN SINGLE-VALUE )",
 		NULL, NULL },
 
@@ -1697,6 +1698,7 @@ static ConfigTable mo_cfg[] = {
 		"( OLcfgOvAt:18.1 NAME 'olcMemberOfDangling' "
 			"DESC 'Behavior with respect to dangling members, "
 				"constrained to ignore, drop, error' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )",
 		NULL, NULL },
 
@@ -1704,6 +1706,7 @@ static ConfigTable mo_cfg[] = {
 		2, 2, 0, ARG_MAGIC|ARG_ON_OFF|MO_REFINT, mo_cf_gen,
 		"( OLcfgOvAt:18.2 NAME 'olcMemberOfRefInt' "
 			"DESC 'Take care of referential integrity' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )",
 		NULL, NULL },
 
@@ -1711,6 +1714,7 @@ static ConfigTable mo_cfg[] = {
 		2, 2, 0, ARG_MAGIC|MO_GROUP_OC, mo_cf_gen,
 		"( OLcfgOvAt:18.3 NAME 'olcMemberOfGroupOC' "
 			"DESC 'Group objectClass' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )",
 		NULL, NULL },
 
@@ -1718,6 +1722,7 @@ static ConfigTable mo_cfg[] = {
 		2, 2, 0, ARG_MAGIC|ARG_ATDESC|MO_MEMBER_AD, mo_cf_gen,
 		"( OLcfgOvAt:18.4 NAME 'olcMemberOfMemberAD' "
 			"DESC 'member attribute' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )",
 		NULL, NULL },
 
@@ -1725,6 +1730,7 @@ static ConfigTable mo_cfg[] = {
 		2, 2, 0, ARG_MAGIC|ARG_ATDESC|MO_MEMBER_OF_AD, mo_cf_gen,
 		"( OLcfgOvAt:18.5 NAME 'olcMemberOfMemberOfAD' "
 			"DESC 'memberOf attribute' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )",
 		NULL, NULL },
 
@@ -1742,6 +1748,7 @@ static ConfigTable mo_cfg[] = {
 		2, 2, 0, ARG_MAGIC|MO_DANGLING_ERROR, mo_cf_gen,
 		"( OLcfgOvAt:18.7 NAME 'olcMemberOfDanglingError' "
 			"DESC 'Error code returned in case of dangling back reference' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )",
 		NULL, NULL },
 
diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c
index c44a932af8..f60dd3391e 100644
--- a/servers/slapd/overlays/pcache.c
+++ b/servers/slapd/overlays/pcache.c
@@ -3657,6 +3657,7 @@ static ConfigTable pccfg[] = {
 		6, 6, 0, ARG_MAGIC|ARG_NO_DELETE|PC_MAIN, pc_cf_gen,
 		"( OLcfgOvAt:2.1 NAME ( 'olcPcache' 'olcProxyCache' ) "
 			"DESC 'Proxy Cache basic parameters' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "pcacheAttrset", "index> <attributes...",
 		2, 0, 0, ARG_MAGIC|PC_ATTR, pc_cf_gen,
@@ -3677,26 +3678,31 @@ static ConfigTable pccfg[] = {
 		2, 2, 0, ARG_MAGIC|PC_RESP, pc_cf_gen,
 		"( OLcfgOvAt:2.4 NAME 'olcPcachePosition' "
 			"DESC 'Response callback position in overlay stack' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "pcacheMaxQueries", "queries",
 		2, 2, 0, ARG_INT|ARG_MAGIC|PC_QUERIES, pc_cf_gen,
 		"( OLcfgOvAt:2.5 NAME ( 'olcPcacheMaxQueries' 'olcProxyCacheQueries' ) "
 			"DESC 'Maximum number of queries to cache' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "pcachePersist", "TRUE|FALSE",
 		2, 2, 0, ARG_ON_OFF|ARG_OFFSET, (void *)offsetof(cache_manager, save_queries),
 		"( OLcfgOvAt:2.6 NAME ( 'olcPcachePersist' 'olcProxySaveQueries' ) "
 			"DESC 'Save cached queries for hot restart' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "pcacheValidate", "TRUE|FALSE",
 		2, 2, 0, ARG_ON_OFF|ARG_OFFSET, (void *)offsetof(cache_manager, check_cacheability),
 		"( OLcfgOvAt:2.7 NAME ( 'olcPcacheValidate' 'olcProxyCheckCacheability' ) "
 			"DESC 'Check whether the results of a query are cacheable, e.g. for schema issues' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "pcacheOffline", "TRUE|FALSE",
 		2, 2, 0, ARG_ON_OFF|ARG_MAGIC|PC_OFFLINE, pc_cf_gen,
 		"( OLcfgOvAt:2.8 NAME 'olcPcacheOffline' "
 			"DESC 'Set cache to offline mode and disable expiration' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "pcacheBind", "filter> <attrset-index> <TTR> <scope> <base",
 		6, 6, 0, ARG_MAGIC|PC_BIND, pc_cf_gen,
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 68f11ed76d..550472fd29 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -224,24 +224,28 @@ static ConfigTable ppolicycfg[] = {
 	  ARG_DN|ARG_QUOTE|ARG_MAGIC|PPOLICY_DEFAULT, ppolicy_cf_default,
 	  "( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' "
 	  "DESC 'DN of a pwdPolicy object for uncustomized objects' "
+	  "EQUALITY distinguishedNameMatch "
 	  "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
 	{ "ppolicy_hash_cleartext", "on|off", 1, 2, 0,
 	  ARG_ON_OFF|ARG_OFFSET|PPOLICY_HASH_CLEARTEXT,
 	  (void *)offsetof(pp_info,hash_passwords),
 	  "( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext' "
 	  "DESC 'Hash passwords on add or modify' "
+	  "EQUALITY booleanMatch "
 	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "ppolicy_forward_updates", "on|off", 1, 2, 0,
 	  ARG_ON_OFF|ARG_OFFSET,
 	  (void *)offsetof(pp_info,forward_updates),
 	  "( OLcfgOvAt:12.4 NAME 'olcPPolicyForwardUpdates' "
 	  "DESC 'Allow policy state updates to be forwarded via updateref' "
+	  "EQUALITY booleanMatch "
 	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "ppolicy_use_lockout", "on|off", 1, 2, 0,
 	  ARG_ON_OFF|ARG_OFFSET|PPOLICY_USE_LOCKOUT,
 	  (void *)offsetof(pp_info,use_lockout),
 	  "( OLcfgOvAt:12.3 NAME 'olcPPolicyUseLockout' "
 	  "DESC 'Warn clients with AccountLocked' "
+	  "EQUALITY booleanMatch "
 	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
diff --git a/servers/slapd/overlays/refint.c b/servers/slapd/overlays/refint.c
index da9c7fdfe5..95318f706b 100644
--- a/servers/slapd/overlays/refint.c
+++ b/servers/slapd/overlays/refint.c
@@ -119,11 +119,13 @@ static ConfigTable refintcfg[] = {
 	  ARG_DN|ARG_MAGIC|REFINT_NOTHING, refint_cf_gen,
 	  "( OLcfgOvAt:11.2 NAME 'olcRefintNothing' "
 	  "DESC 'Replacement DN to supply when needed' "
+	  "EQUALITY distinguishedNameMatch "
 	  "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
 	{ "refint_modifiersName", "DN", 2, 2, 0,
 	  ARG_DN|ARG_MAGIC|REFINT_MODIFIERSNAME, refint_cf_gen,
 	  "( OLcfgOvAt:11.3 NAME 'olcRefintModifiersName' "
 	  "DESC 'The DN to use as modifiersName' "
+	  "EQUALITY distinguishedNameMatch "
 	  "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
diff --git a/servers/slapd/overlays/retcode.c b/servers/slapd/overlays/retcode.c
index a626a80bab..ef6816d307 100644
--- a/servers/slapd/overlays/retcode.c
+++ b/servers/slapd/overlays/retcode.c
@@ -793,6 +793,7 @@ static ConfigTable rccfg[] = {
 		2, 2, 0, ARG_MAGIC|ARG_DN|RC_PARENT, rc_cf_gen,
 		"( OLcfgOvAt:20.1 NAME 'olcRetcodeParent' "
 			"DESC '' "
+			"EQUALITY distinguishedNameMatch "
 			"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
 	{ "retcode-item", "rdn> <retcode> <...",
 		3, 0, 0, ARG_MAGIC|RC_ITEM, rc_cf_gen,
@@ -806,6 +807,7 @@ static ConfigTable rccfg[] = {
 			(void *)offsetof(retcode_t, rd_indir),
 		"( OLcfgOvAt:20.3 NAME 'olcRetcodeInDir' "
 			"DESC '' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 
 	{ "retcode-sleep", "sleeptime",
@@ -813,6 +815,7 @@ static ConfigTable rccfg[] = {
 			(void *)offsetof(retcode_t, rd_sleep),
 		"( OLcfgOvAt:20.4 NAME 'olcRetcodeSleep' "
 			"DESC '' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c
index 3102d2df01..5bb69ffcd7 100644
--- a/servers/slapd/overlays/rwm.c
+++ b/servers/slapd/overlays/rwm.c
@@ -1913,6 +1913,7 @@ static ConfigTable rwmcfg[] = {
 		2, 2, 0, ARG_MAGIC|RWM_CF_T_F_SUPPORT, rwm_cf_gen,
 		"( OLcfgOvAt:16.2 NAME 'olcRwmTFSupport' "
 			"DESC 'Absolute filters support' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -1930,6 +1931,7 @@ static ConfigTable rwmcfg[] = {
 		2, 2, 0, ARG_MAGIC|ARG_ON_OFF|RWM_CF_NORMALIZE_MAPPED, rwm_cf_gen,
 		"( OLcfgOvAt:16.4 NAME 'olcRwmNormalizeMapped' "
 			"DESC 'Normalize mapped attributes/objectClasses' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
@@ -1938,6 +1940,7 @@ static ConfigTable rwmcfg[] = {
 		2, 2, 0, ARG_MAGIC|ARG_ON_OFF|RWM_CF_DROP_UNREQUESTED, rwm_cf_gen,
 		"( OLcfgOvAt:16.5 NAME 'olcRwmDropUnrequested' "
 			"DESC 'Drop unrequested attributes' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
diff --git a/servers/slapd/overlays/sssvlv.c b/servers/slapd/overlays/sssvlv.c
index e650840530..18a69cf6b3 100644
--- a/servers/slapd/overlays/sssvlv.c
+++ b/servers/slapd/overlays/sssvlv.c
@@ -1285,18 +1285,21 @@ static ConfigTable sssvlv_cfg[] = {
 			(void *)offsetof(sssvlv_info, svi_max),
 		"( OLcfgOvAt:21.1 NAME 'olcSssVlvMax' "
 			"DESC 'Maximum number of concurrent Sort requests' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "sssvlv-maxkeys", "num",
 		2, 2, 0, ARG_INT|ARG_OFFSET,
 			(void *)offsetof(sssvlv_info, svi_max_keys),
 		"( OLcfgOvAt:21.2 NAME 'olcSssVlvMaxKeys' "
 			"DESC 'Maximum number of Keys in a Sort request' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "sssvlv-maxperconn", "num",
 		2, 2, 0, ARG_INT|ARG_OFFSET,
 			(void *)offsetof(sssvlv_info, svi_max_percon),
 		"( OLcfgOvAt:21.3 NAME 'olcSssVlvMaxPerConn' "
 			"DESC 'Maximum number of concurrent paged search requests per connection' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
index d521ff9779..4c9103a089 100644
--- a/servers/slapd/overlays/syncprov.c
+++ b/servers/slapd/overlays/syncprov.c
@@ -2952,18 +2952,22 @@ static ConfigTable spcfg[] = {
 	{ "syncprov-checkpoint", "ops> <minutes", 3, 3, 0, ARG_MAGIC|SP_CHKPT,
 		sp_cf_gen, "( OLcfgOvAt:1.1 NAME 'olcSpCheckpoint' "
 			"DESC 'ContextCSN checkpoint interval in ops and minutes' "
+			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "syncprov-sessionlog", "ops", 2, 2, 0, ARG_INT|ARG_MAGIC|SP_SESSL,
 		sp_cf_gen, "( OLcfgOvAt:1.2 NAME 'olcSpSessionlog' "
 			"DESC 'Session log size in ops' "
+			"EQUALITY integerMatch "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
 	{ "syncprov-nopresent", NULL, 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|SP_NOPRES,
 		sp_cf_gen, "( OLcfgOvAt:1.3 NAME 'olcSpNoPresent' "
 			"DESC 'Omit Present phase processing' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "syncprov-reloadhint", NULL, 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|SP_USEHINT,
 		sp_cf_gen, "( OLcfgOvAt:1.4 NAME 'olcSpReloadHint' "
 			"DESC 'Observe Reload Hint in Request control' "
+			"EQUALITY booleanMatch "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
diff --git a/servers/slapd/overlays/translucent.c b/servers/slapd/overlays/translucent.c
index 372f05383b..a5fbb5b868 100644
--- a/servers/slapd/overlays/translucent.c
+++ b/servers/slapd/overlays/translucent.c
@@ -61,36 +61,42 @@ static ConfigTable translucentcfg[] = {
 	  (void *)offsetof(translucent_info, strict),
 	  "( OLcfgOvAt:14.1 NAME 'olcTranslucentStrict' "
 	  "DESC 'Reveal attribute deletion constraint violations' "
+	  "EQUALITY booleanMatch "
 	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "translucent_no_glue", "on|off", 1, 2, 0,
 	  ARG_ON_OFF|ARG_OFFSET,
 	  (void *)offsetof(translucent_info, no_glue),
 	  "( OLcfgOvAt:14.2 NAME 'olcTranslucentNoGlue' "
 	  "DESC 'Disable automatic glue records for ADD and MODRDN' "
+	  "EQUALITY booleanMatch "
 	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "translucent_local", "attr[,attr...]", 1, 2, 0,
 	  ARG_MAGIC|TRANS_LOCAL,
 	  translucent_cf_gen,
 	  "( OLcfgOvAt:14.3 NAME 'olcTranslucentLocal' "
 	  "DESC 'Attributes to use in local search filter' "
+	  "EQUALITY caseIgnoreMatch "
 	  "SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "translucent_remote", "attr[,attr...]", 1, 2, 0,
 	  ARG_MAGIC|TRANS_REMOTE,
 	  translucent_cf_gen,
 	  "( OLcfgOvAt:14.4 NAME 'olcTranslucentRemote' "
 	  "DESC 'Attributes to use in remote search filter' "
+	  "EQUALITY caseIgnoreMatch "
 	  "SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "translucent_bind_local", "on|off", 1, 2, 0,
 	  ARG_ON_OFF|ARG_OFFSET,
 	  (void *)offsetof(translucent_info, bind_local),
 	  "( OLcfgOvAt:14.5 NAME 'olcTranslucentBindLocal' "
 	  "DESC 'Enable local bind' "
+	  "EQUALITY booleanMatch "
 	  "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL },
 	{ "translucent_pwmod_local", "on|off", 1, 2, 0,
 	  ARG_ON_OFF|ARG_OFFSET,
 	  (void *)offsetof(translucent_info, pwmod_local),
 	  "( OLcfgOvAt:14.6 NAME 'olcTranslucentPwModLocal' "
 	  "DESC 'Enable local RFC 3062 Password Modify extended operation' "
+	  "EQUALITY booleanMatch "
 	  "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };