Various changes

- SyncRepl support in back-ldbm
- back-ldbm functions return LDAP return codes for internal operations (callback)
- subentry code copy from back-bdb
- Misc udpates

servers/slapd/back-ldbm/add.c

@@ -29,6 +29,9 @@ ldbm_back_add(
 	AttributeDescription *entry = slap_schema.si_ad_entry;
 	char textbuf[SLAP_TEXT_BUFLEN];
 	size_t textlen = sizeof textbuf;
+#ifdef LDBM_SUBENTRIES
+	int subentry;
+#endif
 
 #ifdef NEW_LOGGING
 	LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_add: %s\n", op->o_req_dn.bv_val, 0, 0 );
@@ -56,9 +59,17 @@ ldbm_back_add(
 #endif
 
 		send_ldap_result( op, rs );
+#ifdef LDAP_SYNCREPL
+		return rs->sr_err;
+#else
 		return( -1 );
+#endif
 	}
 
+#ifdef LDBM_SUBENTRIES
+	subentry = is_entry_subentry( op->oq_add.rs_e );
+#endif
+
 #ifdef LDAP_CACHING
 	if ( !op->o_caching_on ) {
 #endif /* LDAP_CACHING */
@@ -77,7 +88,11 @@ ldbm_back_add(
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
 		    "no write access to entry" );
 
+#ifdef LDAP_SYNCREPL
+		return LDAP_INSUFFICIENT_ACCESS;
+#else
 		return -1;
+#endif
 	}
 #ifdef LDAP_CACHING
 	}
@@ -91,7 +106,11 @@ ldbm_back_add(
 		ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
 		rs->sr_err = rs->sr_err ? LDAP_OTHER : LDAP_ALREADY_EXISTS;
 		send_ldap_result( op, rs );
+#ifdef LDAP_SYNCREPL
+		return rs->sr_err;
+#else
 		return( -1 );
+#endif
 	}
 
 	/*
@@ -146,7 +165,11 @@ ldbm_back_add(
 			ber_bvarray_free( rs->sr_ref );
 			free( (char *)rs->sr_matched );
 
+#ifdef LDAP_SYNCREPL
+			return rs->sr_err;
+#else
 			return -1;
+#endif
 		}
 
 		if ( ! access_allowed( op, p,
@@ -168,9 +191,28 @@ ldbm_back_add(
 			send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
 			    "no write access to parent" );
 
+#ifdef LDAP_SYNCREPL
+			return LDAP_INSUFFICIENT_ACCESS;
+#else
 			return -1;
+#endif
 		}
 
+#ifdef LDBM_SUBENTRIES
+		if ( is_entry_subentry( p )) {
+#ifdef NEW_LOGGING
+			LDAP_LOG( OPERATION, DETAIL1,
+				"bdb_add: parent is subentry\n", 0, 0, 0 );
+#else
+			Debug( LDAP_DEBUG_TRACE, "bdb_add: parent is subentry\n",
+				0, 0, 0 );
+#endif
+			rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
+			rs->sr_text = "parent is a subentry";
+			goto return_results;
+		}
+#endif
+
 		if ( is_entry_alias( p ) ) {
 			/* parent is an alias, don't allow add */
 
@@ -190,7 +232,11 @@ ldbm_back_add(
 			send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
 			    "parent is an alias" );
 
+#ifdef LDAP_SYNCREPL
+			return LDAP_ALIAS_PROBLEM;
+#else
 			return -1;
+#endif
 		}
 
 		if ( is_entry_referral( p ) ) {
@@ -216,8 +262,19 @@ ldbm_back_add(
 
 			ber_bvarray_free( rs->sr_ref );
 			free( (char *)rs->sr_matched );
+#ifdef LDAP_SYNCREPL
+			return rs->sr_err;
+#else
 			return -1;
+#endif
+		}
+
+#ifdef LDBM_SUBENTRIES
+		if ( subentry ) {
+			/* FIXME: */
+			/* parent must be an administrative point of the required kind */
 		}
+#endif
 
 	} else {
 #ifndef LDAP_CACHING
@@ -260,10 +317,17 @@ ldbm_back_add(
 						LDAP_INSUFFICIENT_ACCESS,
 						"no write access to parent" );
 
+#ifdef LDAP_SYNCREPL
+					return LDAP_INSUFFICIENT_ACCESS;
+#else
 					return -1;
+#endif
 				}
-
+#ifdef LDAP_SYNCREPL
+			} else if ( !is_entry_glue( op->oq_add.rs_e )) {
+#else
 			} else {
+#endif
 				ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
 
 #ifdef NEW_LOGGING
@@ -278,11 +342,31 @@ ldbm_back_add(
 #endif
 
 				send_ldap_error( op, rs,
-						LDAP_INSUFFICIENT_ACCESS, NULL );
+						LDAP_NO_SUCH_OBJECT, NULL );
 
-				return -1;
+#ifdef LDAP_SYNCREPL
+					return LDAP_NO_SUCH_OBJECT;
+#else
+					return -1;
+#endif
 			}
 		}
+
+#ifdef LDBM_SUBENTRIES
+		        if( subentry ) {
+#ifdef NEW_LOGGING
+					LDAP_LOG ( OPERATION, DETAIL1,
+						"bdb_add: no parent, cannot add subentry\n", 0, 0, 0 );
+#else
+					Debug( LDAP_DEBUG_TRACE,
+						"bdb_add: no parent, cannot add subentry\n", 0, 0, 0 );
+#endif
+					rs->sr_err = LDAP_NO_SUCH_OBJECT;
+					rs->sr_text = "no parent, cannot add subentry";
+					goto return_results;
+				}
+#endif
+
 	}
 
 	if ( next_id( op->o_bd, &op->oq_add.rs_e->e_id ) ) {
@@ -304,7 +388,11 @@ ldbm_back_add(
 		send_ldap_error( op, rs, LDAP_OTHER,
 			"next_id add failed" );
 
+#ifdef LDAP_SYNCREPL
+		return LDAP_OTHER;
+#else
 		return( -1 );
+#endif
 	}
 
 	/*
@@ -332,7 +420,11 @@ ldbm_back_add(
 		rs->sr_err = rs->sr_err > 0 ? LDAP_ALREADY_EXISTS : LDAP_OTHER;
 		send_ldap_result( op, rs );
 
+#ifdef LDAP_SYNCREPL
+		return rs->sr_err;
+#else
 		return( -1 );
+#endif
 	}
 
 	rs->sr_err = -1;

servers/slapd/back-ldbm/back-ldbm.h

@@ -12,6 +12,10 @@
 
 LDAP_BEGIN_DECL
 
+#ifdef LDAP_SYNCREPL
+#define LDBM_SUBENTRIES 1
+#endif
+
 #define DEFAULT_CACHE_SIZE	1000
 
 #if defined(HAVE_BERKELEY_DB) && DB_VERSION_MAJOR >= 2

servers/slapd/back-ldbm/bind.c

@@ -81,12 +81,31 @@ ldbm_back_bind(
 
 		if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
 		if ( rs->sr_matched ) free( (char *)rs->sr_matched );
+#ifdef LDAP_SYNCREPL
+		return rs->sr_err;
+#else
 		return( rc );
+#endif
 	}
 
 	ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );
 
 	/* check for deleted */
+#ifdef LDBM_SUBENTRIES
+	if ( is_entry_subentry( e ) ) {
+		/* entry is an subentry, don't allow bind */
+#ifdef NEW_LOGGING
+		LDAP_LOG ( OPERATION, DETAIL1,
+				"bdb_bind: entry is subentry\n", 0, 0, 0 );
+#else
+		Debug( LDAP_DEBUG_TRACE,
+				"entry is subentry\n", 0, 0, 0 );
+#endif
+		rs->sr_err = LDAP_INVALID_CREDENTIALS;
+		send_ldap_result( op, rs );
+		goto return_results;
+	}
+#endif
 
 	if ( is_entry_alias( e ) ) {
 		/* entry is an alias, don't allow bind */
@@ -102,7 +121,11 @@ ldbm_back_bind(
 		send_ldap_error( op, rs, LDAP_ALIAS_PROBLEM,
 		    "entry is alias" );
 
+#ifdef LDAP_SYNCREPL
+		rc = LDAP_ALIAS_PROBLEM;
+#else
 		rc = 1;
+#endif
 		goto return_results;
 	}
 
@@ -130,7 +153,11 @@ ldbm_back_bind(
 
 		ber_bvarray_free( rs->sr_ref );
 
+#ifdef LDAP_SYNCREPL
+		rc = rs->sr_err;
+#else
 		rc = 1;
+#endif
 		goto return_results;
 	}
 
@@ -140,7 +167,11 @@ ldbm_back_bind(
 			password, NULL, ACL_AUTH, NULL ) )
 		{
 			send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
+#ifdef LDAP_SYNCREPL
+			rc = LDAP_INSUFFICIENT_ACCESS;
+#else
 			rc = 1;
+#endif
 			goto return_results;
 		}
 
@@ -148,14 +179,22 @@ ldbm_back_bind(
 			send_ldap_error( op, rs, LDAP_INAPPROPRIATE_AUTH, NULL );
 
 			/* stop front end from sending result */
+#ifdef LDAP_SYNCREPL
+			rc = LDAP_INAPPROPRIATE_AUTH;
+#else
 			rc = 1;
+#endif
 			goto return_results;
 		}
 
 		if ( slap_passwd_check( op->o_conn, a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 ) {
 			send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
 			/* stop front end from sending result */
+#ifdef LDAP_SYNCREPL
+			rc = LDAP_INVALID_CREDENTIALS;
+#else
 			rc = 1;
+#endif
 			goto return_results;
 		}
 
@@ -166,7 +205,11 @@ ldbm_back_bind(
 	case LDAP_AUTH_KRBV41:
 		if ( krbv4_ldap_auth( op->o_bd, &op->oq_bind.rb_cred, &ad ) != LDAP_SUCCESS ) {
 			send_ldap_error( op, rs, LDAP_INVALID_CREDENTIALS, NULL );
+#ifdef LDAP_SYNCREPL
+			rc = LDAP_INVALID_CREDENTIALS;
+#else
 			rc = 1;
+#endif
 			goto return_results;
 		}
 
@@ -175,7 +218,11 @@ ldbm_back_bind(
 		{
 			send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS,
 				NULL );
+#ifdef LDAP_SYNCREPL
+			rc = LDAP_INSUFFICIENT_ACCESS;
+#else
 			rc = 1;
+#endif
 			goto return_results;
 		}
 
@@ -191,7 +238,11 @@ ldbm_back_bind(
 				break;
 			}
 			send_ldap_error( op, rs, LDAP_INAPPROPRIATE_AUTH, NULL );
+#ifdef LDAP_SYNCREPL
+			rc = LDAP_INAPPROPRIATE_AUTH;
+#else
 			rc = 1;
+#endif
 			goto return_results;
 
 		} else {	/* look for krbname match */
@@ -203,7 +254,11 @@ ldbm_back_bind(
 			if ( value_find( a->a_desc, a->a_vals, &krbval ) != 0 ) {
 				send_ldap_error( op, rs,
 				    LDAP_INVALID_CREDENTIALS, NULL );
+#ifdef LDAP_SYNCREPL
+				rc = LDAP_INVALID_CREDENTIALS;
+#else
 				rc = 1;
+#endif
 				goto return_results;
 			}
 		}
@@ -221,7 +276,11 @@ ldbm_back_bind(
 	default:
 		send_ldap_error( op, rs, LDAP_STRONG_AUTH_NOT_SUPPORTED,
 		    "authentication method not supported" );
+#ifdef LDAP_SYNCREPL
+		rc = LDAP_STRONG_AUTH_NOT_SUPPORTED;
+#else
 		rc = 1;
+#endif
 		goto return_results;
 	}
 

servers/slapd/back-ldbm/cache.c

@@ -511,11 +511,11 @@ try_again:
 
 #ifdef NEW_LOGGING
 			LDAP_LOG( CACHE, INFO, 
-				   "cache_find_entry_dn2id: (%s) %ld not ready: %d\n",
+				   "cache_find_entry_ndn2id: (%s) %ld not ready: %d\n",
 				   ndn->bv_val, id, state );
 #else
 			Debug(LDAP_DEBUG_TRACE,
-				"====> cache_find_entry_dn2id(\"%s\"): %ld (not ready) %d\n",
+				"====> cache_find_entry_ndn2id(\"%s\"): %ld (not ready) %d\n",
 				ndn->bv_val, id, state);
 #endif
 
@@ -532,11 +532,11 @@ try_again:
 
 #ifdef NEW_LOGGING
 		LDAP_LOG( CACHE, DETAIL1, 
-			   "cache_find_entry_dn2id: (%s): %ld %d tries\n",
+			   "cache_find_entry_ndn2id: (%s): %ld %d tries\n",
 			   ndn->bv_val, id, count );
 #else
 		Debug(LDAP_DEBUG_TRACE,
-			"====> cache_find_entry_dn2id(\"%s\"): %ld (%d tries)\n",
+			"====> cache_find_entry_ndn2id(\"%s\"): %ld (%d tries)\n",
 			ndn->bv_val, id, count);
 #endif
 

servers/slapd/back-ldbm/delete.c

@@ -40,7 +40,13 @@ ldbm_back_delete(
 	ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
 
 	/* get entry with writer lock */
-	if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
+	e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
+
+#ifdef LDAP_SYNCREPL /* FIXME : dn2entry() should return non-glue entry */
+	if ( e == NULL || ( !manageDSAit && is_entry_glue( e ))) {
+#else
+	if ( e == NULL ) {
+#endif
 #ifdef NEW_LOGGING
 		LDAP_LOG( BACK_LDBM, INFO, 
 			"ldbm_back_delete: no such object %s\n", op->o_req_dn.bv_val, 0, 0 );
@@ -57,8 +63,13 @@ ldbm_back_delete(
 			cache_return_entry_r( &li->li_cache, matched );
 
 		} else {
-			rs->sr_ref = referral_rewrite( default_referral,
-				NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+#ifdef LDAP_SYNCREPL
+			BerVarray deref = op->o_bd->syncinfo ?
+							  op->o_bd->syncinfo->provideruri_bv : default_referral;
+#else
+			BerVarray deref = default_referral;
+#endif
+			rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
 		}
 
 		ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);

servers/slapd/back-ldbm/dn2id.c

@@ -419,7 +419,8 @@ dn2entry_rw(
 	/* entry does not exist - see how much of the dn does exist */
 	if ( !be_issuffix( be, dn ) && (dnParent( dn, &pdn ), pdn.bv_len) ) {
 		/* get entry with reader lock */
-		if ( (e = dn2entry_r( be, &pdn, matched )) != NULL ) {
+		if ((e = dn2entry_r( be, &pdn, matched )) != NULL )
+		{
 			*matched = e;
 		}
 	}

servers/slapd/back-ldbm/entry.c

@@ -65,9 +65,9 @@ int ldbm_back_entry_get(
 	const char *at_name = at->ad_cname.bv_val;
 
 #ifdef NEW_LOGGING
-	LDAP_LOG( BACK_BDB, ARGS, 
+	LDAP_LOG( BACK_LDBM, ARGS, 
 		"ldbm_back_entry_get: ndn: \"%s\"\n", ndn->bv_val, 0, 0 );
-	LDAP_LOG( BACK_BDB, ARGS, 
+	LDAP_LOG( BACK_LDBM, ARGS, 
 		"ldbm_back_entry_get: oc: \"%s\", at: \"%s\"\n",
 		oc ? oc->soc_cname.bv_val : "(null)", at_name, 0);
 #else
@@ -84,7 +84,7 @@ int ldbm_back_entry_get(
 	e = dn2entry_rw( op->o_bd, ndn, NULL, rw );
 	if (e == NULL) {
 #ifdef NEW_LOGGING
-		LDAP_LOG( BACK_BDB, INFO, 
+		LDAP_LOG( BACK_LDBM, INFO, 
 			"ldbm_back_entry_get: cannot find entry (%s)\n", 
 			ndn->bv_val, 0, 0 );
 #else
@@ -96,7 +96,7 @@ int ldbm_back_entry_get(
 	}
 	
 #ifdef NEW_LOGGING
-	LDAP_LOG( BACK_BDB, DETAIL1, "ldbm_back_entry_get: found entry (%s)\n",
+	LDAP_LOG( BACK_LDBM, DETAIL1, "ldbm_back_entry_get: found entry (%s)\n",
 		ndn->bv_val, 0, 0 );
 #else
 	Debug( LDAP_DEBUG_ACL,
@@ -108,7 +108,7 @@ int ldbm_back_entry_get(
 	/* find attribute values */
 	if( is_entry_alias( e ) ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG( BACK_BDB, INFO, 
+		LDAP_LOG( BACK_LDBM, INFO, 
 			"ldbm_back_entry_get: entry (%s) is an alias\n", e->e_name.bv_val, 0, 0 );
 #else
 		Debug( LDAP_DEBUG_ACL,
@@ -121,7 +121,7 @@ int ldbm_back_entry_get(
 
 	if( is_entry_referral( e ) ) {
 #ifdef NEW_LOGGING
-		LDAP_LOG( BACK_BDB, INFO, 
+		LDAP_LOG( BACK_LDBM, INFO, 
 			"ldbm_back_entry_get: entry (%s) is a referral.\n", e->e_name.bv_val, 0, 0);
 #else
 		Debug( LDAP_DEBUG_ACL,
@@ -133,7 +133,7 @@ int ldbm_back_entry_get(
 
 	if ( oc && !is_entry_objectclass( e, oc, 0 )) {
 #ifdef NEW_LOGGING
-		LDAP_LOG( BACK_BDB, INFO, 
+		LDAP_LOG( BACK_LDBM, INFO, 
 			"ldbm_back_entry_get: failed to find objectClass.\n", 0, 0, 0 );
 #else
 		Debug( LDAP_DEBUG_ACL,
@@ -155,7 +155,7 @@ return_results:
 	}
 
 #ifdef NEW_LOGGING
-	LDAP_LOG( BACK_BDB, ENTRY, "ldbm_back_entry_get: rc=%d\n", rc, 0, 0 );
+	LDAP_LOG( BACK_LDBM, ENTRY, "ldbm_back_entry_get: rc=%d\n", rc, 0, 0 );
 #else
 	Debug( LDAP_DEBUG_TRACE,
 		"ldbm_back_entry_get: rc=%d\n",

servers/slapd/back-ldbm/init.c

@@ -129,6 +129,9 @@ ldbm_back_db_init(
 
 	/* indicate system schema supported */
 	be->be_flags |= 
+#ifdef LDBM_SUBENTRIES
+		SLAP_BFLAG_SUBENTRIES |
+#endif
 		SLAP_BFLAG_ALIASES |
 		SLAP_BFLAG_REFERRALS;
 

servers/slapd/back-ldbm/modify.c

@@ -299,7 +299,13 @@ ldbm_back_modify(
 	ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
 
 	/* acquire and lock entry */
-	if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
+	e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
+
+#ifdef LDAP_SYNCREPL /* FIXME: dn2entry() should return non-glue entry */
+	if (( e == NULL ) || ( !manageDSAit && e && is_entry_glue( e ))) {
+#else
+	if ( e == NULL ) {
+#endif
 		if ( matched != NULL ) {
 			rs->sr_matched = ch_strdup( matched->e_dn );
 			rs->sr_ref = is_entry_referral( matched )
@@ -307,8 +313,13 @@ ldbm_back_modify(
 				: NULL;
 			cache_return_entry_r( &li->li_cache, matched );
 		} else {
-			rs->sr_ref = referral_rewrite( default_referral,
-				NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+#ifdef LDAP_SYNCREPL
+			BerVarray deref = op->o_bd->syncinfo ?
+							  op->o_bd->syncinfo->provideruri_bv : default_referral;
+#else
+			BerVarray deref = default_referral;
+#endif
+			rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
 		}
 
 		ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
@@ -318,7 +329,11 @@ ldbm_back_modify(
 		if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
 		free( (char *)rs->sr_matched );
 
+#ifdef LDAP_SYNCREPL
+		return rs->sr_err;
+#else
 		return( -1 );
+#endif
 	}
 
 #ifndef LDAP_CACHING
@@ -364,6 +379,7 @@ ldbm_back_modify(
 	if ( id2entry_add( op->o_bd, e ) != 0 ) {
 		send_ldap_error( op, rs, LDAP_OTHER,
 			"id2entry failure" );
+		rs->sr_err = LDAP_OTHER;
 		goto error_return;
 	}
 
@@ -372,10 +388,15 @@ ldbm_back_modify(
 
 	cache_return_entry_w( &li->li_cache, e );
 	ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
-	return( 0 );
+
+	return LDAP_SUCCESS;
 
 error_return:;
 	cache_return_entry_w( &li->li_cache, e );
 	ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
+#ifdef LDAP_SYNCREPL
+	return rs->sr_err;
+#else
 	return( -1 );
+#endif
 }

servers/slapd/back-ldbm/modrdn.c

@@ -80,17 +80,28 @@ ldbm_back_modrdn(
 	/* grab giant lock for writing */
 	ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
 
+	e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched );
+
 	/* get entry with writer lock */
-	if ( (e = dn2entry_w( op->o_bd, &op->o_req_ndn, &matched )) == NULL ) {
-		if( matched != NULL ) {
+#ifdef LDAP_SYNCREPL /* FIXME: dn2entry() should return non-glue entry */
+	if (( e == NULL  ) || ( !manageDSAit && e && is_entry_glue( e ))) {
+#else
+	if ( e == NULL ) {
+#endif
+		if ( matched != NULL ) {
 			rs->sr_matched = strdup( matched->e_dn );
 			rs->sr_ref = is_entry_referral( matched )
 				? get_entry_referrals( op, matched )
 				: NULL;
 			cache_return_entry_r( &li->li_cache, matched );
 		} else {
-			rs->sr_ref = referral_rewrite( default_referral,
-				NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
+#ifdef LDAP_SYNCREPL
+			BerVarray deref = op->o_bd->syncinfo ?
+							  op->o_bd->syncinfo->provideruri_bv : default_referral;
+#else
+			BerVarray deref = default_referral;
+#endif
+			rs->sr_ref = referral_rewrite( deref, NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
 		}
 
 		ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
@@ -101,7 +112,11 @@ ldbm_back_modrdn(
 		if ( rs->sr_ref ) ber_bvarray_free( rs->sr_ref );
 		free( (char *)rs->sr_matched );
 
+#ifdef LDAP_SYNCREPL
+		return rs->sr_err;
+#else
 		return( -1 );
+#endif
 	}
 
 	/* check entry for "entry" acl */

servers/slapd/back-ldbm/passwd.c

@@ -102,13 +102,28 @@ ldbm_back_exop_passwd(
 	ldap_pvt_thread_rdwr_wlock(&li->li_giant_rwlock);
 
 	e = dn2entry_w( op->o_bd, &ndn, NULL );
+
+#ifdef LDAP_SYNCREPL
+	if ( e == NULL || is_entry_glue( e )) {
+			/* FIXME : dn2entry() should return non-glue entry */
+#else
 	if( e == NULL ) {
+#endif
 		ldap_pvt_thread_rdwr_wunlock(&li->li_giant_rwlock);
 		rs->sr_text = "could not locate authorization entry";
 		rc = LDAP_NO_SUCH_OBJECT;
 		goto done;