[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5596) contextCSN updates are internal operations
rein@OpenLDAP.org wrote:
> Full_Name: Rein Tollevik
> Version: CVS head
> OS: linux, solaris
> URL:
> Submission from: (NULL) (84.215.36.97)
> Submitted by: rein
>
>
> syncrepl_updateCookie() doesn't initialize mod.sml_flags, which means that the
> contextCSN modification is done with a random value. Which again can cause the
> modify to fail if syncrepl is used on a subordinate DB with another rootdn than
> what the glue DB has.
As documented, glued DBs must all have the same rootDN. Any other
configuration is a user error.
> syncprov_checkpoint() has a similar problem, it initializes mod.sml_flags to 0.
> When a checkpoint occur the modify operation is run with the privileges of what
> might be in op->o_ndn. Checkpoint when the database is closed always works
> though, as op->o_ndn is always set to the rootdn when that is done.
> I'll commit a fix that sets mod.sml_flags to SLAP_MOD_INTERNAL shortly, so that
> access control rules are bypassed.
>
> Rein Tollevik
> Basefarm AS
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/