Commit c705dc52 authored by Ondrej Kuznik's avatar Ondrej Kuznik Committed by Quanah Gibson-Mount
Browse files

ITS#6641 Bypass checks on ops with managedsait

Document the uniqueness changes

Fix whitespace in original patch -- hyc
parent 6adee8cd
......@@ -154,6 +154,12 @@ Typical attributes for the
.B ignore ldap:///...
URIs are intentionally not hardcoded into the overlay to allow for
maximum flexibility in meeting site-specific requirements.
.LP
Replication and operations with
.B manageDsaIt
control are allowed to bypass this enforcement. It is therefore important that
all servers accepting writes have this overlay configured in order to maintain
uniqueness in a replicated DIT.
.SH FILES
.TP
ETCDIR/slapd.conf
......
......@@ -1069,6 +1069,13 @@ unique_add(
Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n",
op->o_req_dn.bv_val, 0, 0);
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
......@@ -1190,6 +1197,13 @@ unique_modify(
Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n",
op->o_req_dn.bv_val, 0, 0);
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
......@@ -1304,6 +1318,13 @@ unique_modrdn(
Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n",
op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment