Commit f2d332aa authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Quanah Gibson-Mount
Browse files

ITS#8057 Enforce uniqueness unless permitted by ACL

parent 39b39d55
......@@ -1040,7 +1040,10 @@ unique_add(
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
if ( op->o_managedsait > SLAP_CONTROL_IGNORED
&& access_allowed ( op, op->ora_e,
slap_schema.si_ad_entry, NULL,
ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
......@@ -1168,7 +1171,10 @@ unique_modify(
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
if ( op->o_managedsait > SLAP_CONTROL_IGNORED
&& access_allowed ( op, op->ora_e,
slap_schema.si_ad_entry, NULL,
ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
......@@ -1289,7 +1295,10 @@ unique_modrdn(
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
if ( op->o_managedsait > SLAP_CONTROL_IGNORED
&& access_allowed ( op, op->ora_e,
slap_schema.si_ad_entry, NULL,
ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment