mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#6641 Bypass checks on ops with managedsait

Browse Source 
Document the uniqueness changes

Fix whitespace in original patch -- hyc
This commit is contained in:
Ondrej Kuznik 2011-05-06 13:07:53 +02:00 committed by Howard Chu
parent d8f97f58e2
commit c0aec23bde
2 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/man/man5/slapo-unique.5
View File

@ -154,6 +154,12 @@ Typical attributes for the
.B ignore ldap:///...
URIs are intentionally not hardcoded into the overlay to allow for
maximum flexibility in meeting site-specific requirements.
.LP
Replication and operations with
.B manageDsaIt
control are allowed to bypass this enforcement. It is therefore important that
all servers accepting writes have this overlay configured in order to maintain
uniqueness in a replicated DIT.
.SH FILES
.TP
ETCDIR/slapd.conf

21
servers/slapd/overlays/unique.c
View File

@ -1069,6 +1069,13 @@ unique_add(
Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n",
op->o_req_dn.bv_val, 0, 0);
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
@ -1190,6 +1197,13 @@ unique_modify(
Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n",
op->o_req_dn.bv_val, 0, 0);
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
@ -1304,6 +1318,13 @@ unique_modrdn(
Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n",
op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )