upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-24 00:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#8057 Enforce uniqueness unless permitted by ACL

Browse source
This commit is contained in:
Ondřej Kuzník 2015-02-14 18:08:59 +00:00 committed by Howard Chu
parent c127e78fb0
commit 4b84b6af14
1 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
servers/slapd/overlays/unique.c
View file

@ -1040,7 +1040,10 @@ unique_add(
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
if ( op->o_managedsait > SLAP_CONTROL_IGNORED
&& access_allowed ( op, op->ora_e,
slap_schema.si_ad_entry, NULL,
ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
@ -1168,7 +1171,10 @@ unique_modify(
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
if ( op->o_managedsait > SLAP_CONTROL_IGNORED
&& access_allowed ( op, op->ora_e,
slap_schema.si_ad_entry, NULL,
ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}
@ -1289,7 +1295,10 @@ unique_modrdn(
/* skip the checks if the operation has manageDsaIt control in it
* (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
if ( op->o_managedsait > SLAP_CONTROL_IGNORED
&& access_allowed ( op, op->ora_e,
slap_schema.si_ad_entry, NULL,
ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
return rc;
}