Commit c0aec23b authored by Ondrej Kuznik's avatar Ondrej Kuznik Committed by Howard Chu

ITS#6641 Bypass checks on ops with managedsait

Document the uniqueness changes

Fix whitespace in original patch -- hyc
parent d8f97f58
...@@ -154,6 +154,12 @@ Typical attributes for the ...@@ -154,6 +154,12 @@ Typical attributes for the
.B ignore ldap:///... .B ignore ldap:///...
URIs are intentionally not hardcoded into the overlay to allow for URIs are intentionally not hardcoded into the overlay to allow for
maximum flexibility in meeting site-specific requirements. maximum flexibility in meeting site-specific requirements.
.LP
Replication and operations with
.B manageDsaIt
control are allowed to bypass this enforcement. It is therefore important that
all servers accepting writes have this overlay configured in order to maintain
uniqueness in a replicated DIT.
.SH FILES .SH FILES
.TP .TP
ETCDIR/slapd.conf ETCDIR/slapd.conf
......
...@@ -1069,6 +1069,13 @@ unique_add( ...@@ -1069,6 +1069,13 @@ unique_add(
Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n", Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n",
op->o_req_dn.bv_val, 0, 0); op->o_req_dn.bv_val, 0, 0);
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
for ( domain = legacy ? legacy : domains; for ( domain = legacy ? legacy : domains;
domain; domain;
domain = domain->next ) domain = domain->next )
...@@ -1190,6 +1197,13 @@ unique_modify( ...@@ -1190,6 +1197,13 @@ unique_modify(
Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n", Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n",
op->o_req_dn.bv_val, 0, 0); op->o_req_dn.bv_val, 0, 0);
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
for ( domain = legacy ? legacy : domains; for ( domain = legacy ? legacy : domains;
domain; domain;
domain = domain->next ) domain = domain->next )
...@@ -1304,6 +1318,13 @@ unique_modrdn( ...@@ -1304,6 +1318,13 @@ unique_modrdn(
Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n", Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n",
op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0); op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
for ( domain = legacy ? legacy : domains; for ( domain = legacy ? legacy : domains;
domain; domain;
domain = domain->next ) domain = domain->next )
......
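Review bot: The bypass in unique_add is keyed only on the presence of the control (`op->o_managedsait > SLAP_CONTROL_IGNORED`) and not on who sent the operation; the comment says it is for replication, but nothing in the hunk limits it to the replication identity. Unless the control is restricted elsewhere, any client with write access that attaches manageDsaIt would skip the uniqueness checks, so the condition should also require a trusted requester, for instance `if ( op->o_managedsait > SLAP_CONTROL_IGNORED && ( be_shadow_update( op ) || be_isroot( op ) ) ) {` if that matches the intended trust model. The same guard is repeated in unique_modify and unique_modrdn and needs the same change. The bypass is reported only at LDAP_DEBUG_TRACE, so logging it with the requester's DN at a level operators normally keep enabled would make skipped checks auditable. All three function bodies start and end outside their hunks, so the value of `rc` at the early `return rc;` cannot be confirmed from here.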