upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#8927 ppolicy: accept replicated changes even in MMR

Browse source
This commit is contained in:
Ondřej Kuzník 2018-10-16 10:42:43 +01:00
parent 3ab98b2fc9
commit 04a52cef40
1 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
servers/slapd/overlays/ppolicy.c
View file

@ -1509,7 +1509,7 @@ ppolicy_add(
return rs->sr_err; return rs->sr_err;
/* If this is a replica, assume the master checked everything */ /* If this is a replica, assume the master checked everything */
if ( be_shadow_update( op )) if ( SLAPD_SYNC_IS_SYNCCONN( op->o_connid ) )
return SLAP_CB_CONTINUE; return SLAP_CB_CONTINUE;
/* Check for password in entry */ /* Check for password in entry */
@ -1653,7 +1653,7 @@ ppolicy_modify( Operation *op, SlapReply *rs )
/* If this is a replica, we may need to tweak some of the /* If this is a replica, we may need to tweak some of the
* master's modifications. Otherwise, just pass it through. * master's modifications. Otherwise, just pass it through.
*/ */
if ( be_shadow_update( op )) { if ( SLAPD_SYNC_IS_SYNCCONN( op->o_connid ) ) {
Modifications **prev; Modifications **prev;
Attribute *a_grace, *a_lock, *a_fail; Attribute *a_grace, *a_lock, *a_fail;
@ -1669,26 +1669,27 @@ ppolicy_modify( Operation *op, SlapReply *rs )
/* If we're deleting an attr that didn't exist, /* If we're deleting an attr that didn't exist,
* drop this delete op * drop this delete op
*/ */
if ( ml->sml_op == LDAP_MOD_DELETE ) { if ( ml->sml_op == LDAP_MOD_DELETE ||
ml->sml_op == SLAP_MOD_SOFTDEL ) {
int drop = 0; int drop = 0;
if ( ml->sml_desc == ad_pwdGraceUseTime ) { if ( ml->sml_desc == ad_pwdGraceUseTime ) {
if ( !a_grace || got_del_grace ) { if ( !a_grace || got_del_grace ) {
drop = 1; drop = ml->sml_op == LDAP_MOD_DELETE;
} else { } else {
got_del_grace = 1; got_del_grace = 1;
} }
} else } else
if ( ml->sml_desc == ad_pwdAccountLockedTime ) { if ( ml->sml_desc == ad_pwdAccountLockedTime ) {
if ( !a_lock || got_del_lock ) { if ( !a_lock || got_del_lock ) {
drop = 1; drop = ml->sml_op == LDAP_MOD_DELETE;
} else { } else {
got_del_lock = 1; got_del_lock = 1;
} }
} else } else
if ( ml->sml_desc == ad_pwdFailureTime ) { if ( ml->sml_desc == ad_pwdFailureTime ) {
if ( !a_fail || got_del_fail ) { if ( !a_fail || got_del_fail ) {
drop = 1; drop = ml->sml_op == LDAP_MOD_DELETE;
} else { } else {
got_del_fail = 1; got_del_fail = 1;
} }