[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5596) contextCSN updates are internal operations

rein@OpenLDAP.org wrote:
> Full_Name: Rein Tollevik
> Version: CVS head
> OS: linux, solaris
> URL:
> Submission from: (NULL) (
> Submitted by: rein
> syncrepl_updateCookie() doesn't initialize mod.sml_flags, which means that the
> contextCSN modification is done with a random value.  Which again can cause the
> modify to fail if syncrepl is used on a subordinate DB with another rootdn than
> what the glue DB has.

As documented, glued DBs must all have the same rootDN. Any other 
configuration is a user error.

> syncprov_checkpoint() has a similar problem, it initializes mod.sml_flags to 0.
> When a checkpoint occur the modify operation is run with the privileges of what
> might be in op->o_ndn.  Checkpoint when the database is closed always works
> though, as op->o_ndn is always set to the rootdn when that is done.

> I'll commit a fix that sets mod.sml_flags to SLAP_MOD_INTERNAL shortly, so that
> access control rules are bypassed.
> Rein Tollevik
> Basefarm AS

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/