RFC 4511 calls for unavailableCriticalExtension to returned when

a server is unwilling to make use of a known critical control.
2025-01-24 13:24:56 +08:00 · 2006-10-28 03:52:53 +00:00 · 2006-10-28 03:52:53 +00:00 · 672f8ef3f3
commit 672f8ef3f3
parent ba2d7ec007
1 changed files with 5 additions and 10 deletions
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@ -852,18 +852,13 @@ backend_check_controls(

 			case LDAP_COMPARE_FALSE:
 				if ( !op->o_bd->be_ctrls[cid] && (*ctrls)->ldctl_iscritical ) {
-					/* Per RFC 2251 (and LDAPBIS discussions), if the control
-					 * is recognized and appropriate for the operation (which
-					 * we've already verified), then the server should make
-					 * use of the control when performing the operation.
-					 * 
-					 * Here we find that operation extended by the control
-					 * is unavailable in a particular context, and the control
-					 * is marked Critical, hence the return of
-					 * unwillingToPerform.
+					/* RFC 4511 allows unavailableCriticalExtension to be
+					 * returned when the server is unwilling to perform
+					 * an operation extended by a recognized critical
+					 * control.
 					 */
 					rs->sr_text = "critical control unavailable in context";
-					rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+					rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
 					goto done;
 				}
 				break;