/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004-2007 The OpenLDAP Foundation.
+ * Copyright 2004-2008 The OpenLDAP Foundation.
* Portions Copyright 2004,2006-2007 Symas Corporation.
* All rights reserved.
*
typedef struct unique_domain_uri_s {
struct unique_domain_uri_s *next;
- struct berval *dn;
- struct berval *ndn;
- struct berval *filter;
+ struct berval dn;
+ struct berval ndn;
+ struct berval filter;
struct unique_attrs_s *attrs;
int scope;
} unique_domain_uri;
typedef struct unique_domain_s {
struct unique_domain_s *next;
- struct berval *domain_spec;
+ struct berval domain_spec;
struct unique_domain_uri_s *uri;
char ignore; /* polarity of attributes */
char strict; /* null considered unique too */
while ( uri ) {
next_uri = uri->next;
- ber_bvfree ( uri->dn );
- ber_bvfree ( uri->ndn );
- ber_bvfree ( uri->filter );
+ ch_free ( uri->dn.bv_val );
+ ch_free ( uri->ndn.bv_val );
+ ch_free ( uri->filter.bv_val );
attr = uri->attrs;
while ( attr ) {
next_attr = attr->next;
while ( domain ) {
next_domain = domain->next;
- ber_bvfree ( domain->domain_spec );
+ ch_free ( domain->domain_spec.bv_val );
unique_free_domain_uri ( domain->uri );
ch_free ( domain );
domain = next_domain;
uri = ch_calloc ( 1, sizeof ( unique_domain_uri ) );
if ( url_desc->lud_dn && url_desc->lud_dn[0] ) {
- ber_str2bv( url_desc->lud_dn, 0, 1, &bv );
+ ber_str2bv( url_desc->lud_dn, 0, 0, &bv );
rc = dnPrettyNormal( NULL,
&bv,
- uri->dn,
- uri->ndn,
+ &uri->dn,
+ &uri->ndn,
NULL );
if ( rc != LDAP_SUCCESS ) {
- snprintf( c->msg, sizeof( c->msg ),
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"<%s> invalid DN %d (%s)",
url_desc->lud_dn, rc, ldap_err2string( rc ));
rc = ARG_BAD_CONF;
goto exit;
}
- if ( !dnIsSuffix ( uri->ndn, &be->be_nsuffix[0] ) ) {
- sprintf ( c->msg,
+ if ( be->be_nsuffix == NULL ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "suffix must be set" );
+ Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
+ c->cr_msg, NULL, NULL );
+ rc = ARG_BAD_CONF;
+ goto exit;
+ }
+
+ if ( !dnIsSuffix ( &uri->ndn, &be->be_nsuffix[0] ) ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"dn <%s> is not a suffix of backend base dn <%s>",
- uri->dn->bv_val,
+ uri->dn.bv_val,
be->be_nsuffix[0].bv_val );
rc = ARG_BAD_CONF;
goto exit;
attr->next = uri->attrs;
uri->attrs = attr;
} else {
- snprintf( c->msg, sizeof( c->msg ),
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"unique: attribute: %s: %s",
attr_str[i], text );
rc = ARG_BAD_CONF;
uri->scope = url_desc->lud_scope;
if ( !uri->scope ) {
- snprintf( c->msg, sizeof( c->msg ),
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"unique: uri with base scope will always be unique");
rc = ARG_BAD_CONF;
goto exit;
}
if (url_desc->lud_filter) {
- Filter * f;
- uri->filter = ber_str2bv( url_desc->lud_filter, 0, 1, NULL);
- f = str2filter( uri->filter->bv_val );
+ Filter *f = str2filter( url_desc->lud_filter );
+ char *ptr;
if ( !f ) {
- snprintf( c->msg, sizeof( c->msg ),
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"unique: bad filter");
rc = ARG_BAD_CONF;
goto exit;
}
+ /* make sure the strfilter is in normal form (ITS#5581) */
+ filter2bv( f, &uri->filter );
filter_free( f );
+ ptr = strstr( uri->filter.bv_val, "(?=" /*)*/ );
+ if ( ptr != NULL && ptr <= ( uri->filter.bv_val - STRLENOF( "(?=" /*)*/ ) + uri->filter.bv_len ) )
+ {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "unique: bad filter");
+ rc = ARG_BAD_CONF;
+ goto exit;
+ }
}
exit:
- if ( bv.bv_val ) ber_memfree ( bv.bv_val );
uri->next = *urip;
*urip = uri;
if ( rc ) {
Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
- "%s: %s\n", c->log, c->msg, 0 );
+ "%s: %s\n", c->log, c->cr_msg, 0 );
unique_free_domain_uri ( uri );
*urip = NULL;
}
domain_spec, 0, 0);
domain = ch_calloc ( 1, sizeof (unique_domain) );
- domain->domain_spec = ber_str2bv( domain_spec, 0, 1, NULL );
+ ber_str2bv( domain_spec, 0, 1, &domain->domain_spec );
uri_start = domain_spec;
if ( strncasecmp ( uri_start, "ignore ",
}
rc = ldap_url_parselist_ext ( &url_descs, uri_start, " ", 0 );
if ( rc ) {
- snprintf( c->msg, sizeof( c->msg ),
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"<%s> invalid ldap urilist",
uri_start );
rc = ARG_BAD_CONF;
*domainp = domain;
if ( rc ) {
Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
- "%s: %s\n", c->log, c->msg, 0 );
+ "%s: %s\n", c->log, c->cr_msg, 0 );
unique_free_domain ( domain );
*domainp = NULL;
}
switch ( c->op ) {
case SLAP_CONFIG_EMIT:
rc = 0;
- if ( legacy && legacy->uri && legacy->uri->dn ) {
+ if ( legacy && legacy->uri && legacy->uri->dn.bv_val ) {
rc = value_add_one ( &c->rvalue_vals,
- legacy->uri->dn );
+ &legacy->uri->dn );
if ( rc ) return rc;
rc = value_add_one ( &c->rvalue_nvals,
- legacy->uri->ndn );
+ &legacy->uri->ndn );
if ( rc ) return rc;
}
break;
case LDAP_MOD_DELETE:
- assert ( legacy && legacy->uri && legacy->uri->dn );
+ assert ( legacy && legacy->uri && legacy->uri->dn.bv_val );
rc = 0;
- ber_bvfree ( legacy->uri->dn );
- ber_bvfree ( legacy->uri->ndn );
- legacy->uri->dn = NULL;
- legacy->uri->ndn = NULL;
- if ( !legacy->uri->attrs
- && !legacy->uri->dn ) {
+ ch_free ( legacy->uri->dn.bv_val );
+ ch_free ( legacy->uri->ndn.bv_val );
+ BER_BVZERO( &legacy->uri->dn );
+ BER_BVZERO( &legacy->uri->ndn );
+ if ( !legacy->uri->attrs ) {
unique_free_domain_uri ( legacy->uri );
legacy->uri = NULL;
}
case LDAP_MOD_ADD:
case SLAP_CONFIG_ADD:
if ( domains ) {
- sprintf ( c->msg,
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"cannot set legacy attrs when URIs are present" );
Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
- c->msg, NULL, NULL );
+ c->cr_msg, NULL, NULL );
+ rc = ARG_BAD_CONF;
+ break;
+ }
+ if ( be->be_nsuffix == NULL ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "suffix must be set" );
+ Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
+ c->cr_msg, NULL, NULL );
rc = ARG_BAD_CONF;
break;
}
if ( !dnIsSuffix ( &c->value_ndn,
&be->be_nsuffix[0] ) ) {
- sprintf ( c->msg,
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"dn is not a suffix of backend base" );
Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
- c->msg, NULL, NULL );
+ c->cr_msg, NULL, NULL );
rc = ARG_BAD_CONF;
break;
}
}
if ( !legacy->uri )
unique_new_domain_uri_basic ( &legacy->uri, c );
- ber_bvfree ( legacy->uri->dn );
- ber_bvfree ( legacy->uri->ndn );
- legacy->uri->dn = ber_bvdup ( &c->value_dn );
- legacy->uri->ndn = ber_bvdup ( &c->value_ndn );
+ ch_free ( legacy->uri->dn.bv_val );
+ ch_free ( legacy->uri->ndn.bv_val );
+ legacy->uri->dn = c->value_dn;
+ legacy->uri->ndn = c->value_ndn;
rc = 0;
break;
default:
ch_free (attr);
}
if ( !legacy->uri->attrs
- && !legacy->uri->dn ) {
+ && !legacy->uri->dn.bv_val ) {
unique_free_domain_uri ( legacy->uri );
legacy->uri = NULL;
}
case LDAP_MOD_ADD:
case SLAP_CONFIG_ADD:
if ( domains ) {
- sprintf ( c->msg,
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"cannot set legacy attrs when URIs are present" );
Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
- c->msg, NULL, NULL );
+ c->cr_msg, NULL, NULL );
rc = ARG_BAD_CONF;
break;
}
&& legacy->uri
&& legacy->uri->attrs
&& (c->type == UNIQUE_IGNORE) != legacy->ignore ) {
- sprintf ( c->msg,
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"cannot set both attrs and ignore-attrs" );
Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
- c->msg, NULL, NULL );
+ c->cr_msg, NULL, NULL );
rc = ARG_BAD_CONF;
break;
}
attr->next = new_attrs;
new_attrs = attr;
} else {
- snprintf( c->msg, sizeof( c->msg ),
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"unique: attribute: %s: %s",
c->argv[i], text );
for ( attr = new_attrs;
if ( rc ) {
Debug ( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
- "%s: %s\n", c->log, c->msg, 0 );
+ "%s: %s\n", c->log, c->cr_msg, 0 );
}
return rc;
}
case LDAP_MOD_ADD:
case SLAP_CONFIG_ADD:
if ( domains ) {
- sprintf ( c->msg,
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"cannot set legacy attrs when URIs are present" );
Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
- c->msg, NULL, NULL );
+ c->cr_msg, NULL, NULL );
rc = ARG_BAD_CONF;
break;
}
domain;
domain = domain->next ) {
rc = value_add_one ( &c->rvalue_vals,
- domain->domain_spec );
- if ( rc ) break;
- rc = value_add_one ( &c->rvalue_nvals,
- domain->domain_spec );
+ &domain->domain_spec );
if ( rc ) break;
}
break;
case SLAP_CONFIG_ADD: /* fallthrough */
case LDAP_MOD_ADD:
if ( legacy ) {
- sprintf ( c->msg,
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
"cannot set Uri when legacy attrs are present" );
Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
- c->msg, NULL, NULL );
+ c->cr_msg, NULL, NULL );
rc = ARG_BAD_CONF;
break;
}
static int
unique_db_init(
- BackendDB *be
+ BackendDB *be,
+ ConfigReply *cr
)
{
slap_overinst *on = (slap_overinst *)be->bd_info;
static int
unique_db_destroy(
- BackendDB *be
+ BackendDB *be,
+ ConfigReply *cr
)
{
slap_overinst *on = (slap_overinst *)be->bd_info;
static int
unique_open(
- BackendDB *be
+ BackendDB *be,
+ ConfigReply *cr
)
{
Debug(LDAP_DEBUG_TRACE, "unique_open: overlay initialized\n", 0, 0, 0);
static int
unique_close(
- BackendDB *be
+ BackendDB *be,
+ ConfigReply *cr
)
{
slap_overinst *on = (slap_overinst *) be->bd_info;
AttributeDescription *ad,
BerVarray b,
char *kp,
+ int ks,
void *ctx
)
{
if ( b && b[0].bv_val ) {
for ( i = 0; b[i].bv_val; i++ ) {
struct berval bv;
+ int len;
ldap_bv2escaped_filter_value_x( &b[i], &bv, 1, ctx );
- kp += sprintf( kp, "(%s=%s)", ad->ad_cname.bv_val, bv.bv_val );
+ len = snprintf( kp, ks, "(%s=%s)", ad->ad_cname.bv_val, bv.bv_val );
+ assert( len >= 0 && len < ks );
+ kp += len;
if ( bv.bv_val != b[i].bv_val ) {
ber_memfree_x( bv.bv_val, ctx );
}
}
} else if ( domain->strict ) {
- kp += sprintf( kp, "(%s=*)", ad->ad_cname.bv_val );
+ int len;
+ len = snprintf( kp, ks, "(%s=*)", ad->ad_cname.bv_val );
+ assert( len >= 0 && len < ks );
+ kp += len;
}
break;
}
struct berval * dn,
int scope,
SlapReply *rs,
- char *key
+ struct berval *key
)
{
slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
unique_counter uq = { NULL, 0 };
int rc;
- Debug(LDAP_DEBUG_TRACE, "==> unique_search %s\n", key, 0, 0);
+ Debug(LDAP_DEBUG_TRACE, "==> unique_search %s\n", key->bv_val, 0, 0);
- nop->ors_filter = str2filter_x(nop, key);
- ber_str2bv(key, 0, 0, &nop->ors_filterstr);
+ nop->ors_filter = str2filter_x(nop, key->bv_val);
+ if(nop->ors_filter == NULL) {
+ op->o_bd->bd_info = (BackendInfo *) on->on_info;
+ send_ldap_error(op, rs, LDAP_OTHER,
+ "unique_search invalid filter");
+ return(rs->sr_err);
+ }
+
+ nop->ors_filterstr = *key;
cb.sc_response = (slap_response*)count_attr_cb;
cb.sc_private = &uq;
nop->o_bd = on->on_info->oi_origdb;
rc = nop->o_bd->be_search(nop, &nrs);
- filter_free_x(nop, nop->ors_filter);
- op->o_tmpfree( key, op->o_tmpmemctx );
+ filter_free_x(nop, nop->ors_filter, 1);
+ op->o_tmpfree( key->bv_val, op->o_tmpmemctx );
if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {
op->o_bd->bd_info = (BackendInfo *) on->on_info;
Operation nop = *op;
Attribute *a;
char *key, *kp;
+ struct berval bvkey;
int rc = SLAP_CB_CONTINUE;
Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n",
for ( domain = legacy ? legacy : domains;
domain;
- domain = domain->next ) {
+ domain = domain->next )
+ {
unique_domain_uri *uri;
- int ks = 0;
+ int ks = STRLENOF("(|)");
for ( uri = domain->uri;
uri;
- uri = uri->next ) {
+ uri = uri->next )
+ {
+ int len;
- if ( uri->ndn
- && !dnIsSuffix( &op->o_req_ndn, uri->ndn ))
+ if ( uri->ndn.bv_val
+ && !dnIsSuffix( &op->o_req_ndn, &uri->ndn ))
continue;
if(!(a = op->ora_e->e_attrs)) {
/* skip this domain-uri if it isn't involved */
if ( !ks ) continue;
- if ( uri->filter && uri->filter->bv_len )
- ks += uri->filter->bv_len + STRLENOF ("(&)");
+ /* terminating NUL */
+ ks++;
+
+ if ( uri->filter.bv_val && uri->filter.bv_len )
+ ks += uri->filter.bv_len + STRLENOF ("(&)");
kp = key = op->o_tmpalloc(ks, op->o_tmpmemctx);
- if ( uri->filter && uri->filter->bv_len )
- kp += sprintf (kp, "(&%s", uri->filter->bv_val);
- kp += sprintf(kp, "(|");
+ if ( uri->filter.bv_val && uri->filter.bv_len ) {
+ len = snprintf (kp, ks, "(&%s", uri->filter.bv_val);
+ assert( len >= 0 && len < ks );
+ kp += len;
+ }
+ len = snprintf(kp, ks - (kp - key), "(|");
+ assert( len >= 0 && len < ks - (kp - key) );
+ kp += len;
for(a = op->ora_e->e_attrs; a; a = a->a_next)
kp = build_filter(domain,
a->a_desc,
a->a_vals,
kp,
+ ks - ( kp - key ),
op->o_tmpmemctx);
- kp += sprintf(kp, ")");
- if ( uri->filter && uri->filter->bv_len )
- kp += sprintf (kp, ")");
+ len = snprintf(kp, ks - (kp - key), ")");
+ assert( len >= 0 && len < ks - (kp - key) );
+ kp += len;
+ if ( uri->filter.bv_val && uri->filter.bv_len ) {
+ len = snprintf(kp, ks - (kp - key), ")");
+ assert( len >= 0 && len < ks - (kp - key) );
+ kp += len;
+ }
+ bvkey.bv_val = key;
+ bvkey.bv_len = kp - key;
rc = unique_search ( op,
&nop,
- uri->ndn ?
- uri->ndn :
+ uri->ndn.bv_val ?
+ &uri->ndn :
&op->o_bd->be_nsuffix[0],
uri->scope,
rs,
- key);
+ &bvkey);
if ( rc != SLAP_CB_CONTINUE ) break;
}
Operation nop = *op;
Modifications *m;
char *key, *kp;
+ struct berval bvkey;
int rc = SLAP_CB_CONTINUE;
Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n",
for ( domain = legacy ? legacy : domains;
domain;
- domain = domain->next ) {
+ domain = domain->next )
+ {
unique_domain_uri *uri;
- int ks = 0;
+ int ks = STRLENOF("(|)");
for ( uri = domain->uri;
uri;
- uri = uri->next ) {
+ uri = uri->next )
+ {
+ int len;
- if ( uri->ndn
- && !dnIsSuffix( &op->o_req_ndn, uri->ndn ))
+ if ( uri->ndn.bv_val
+ && !dnIsSuffix( &op->o_req_ndn, &uri->ndn ))
continue;
if ( !(m = op->orm_modlist) ) {
/* skip this domain-uri if it isn't involved */
if ( !ks ) continue;
- if ( uri->filter && uri->filter->bv_len )
- ks += uri->filter->bv_len + STRLENOF ("(&)");
+ /* terminating NUL */
+ ks++;
+
+ if ( uri->filter.bv_val && uri->filter.bv_len )
+ ks += uri->filter.bv_len + STRLENOF ("(&)");
kp = key = op->o_tmpalloc(ks, op->o_tmpmemctx);
- if ( uri->filter && uri->filter->bv_len )
- kp += sprintf (kp, "(&%s", uri->filter->bv_val);
- kp += sprintf(kp, "(|");
+ if ( uri->filter.bv_val && uri->filter.bv_len ) {
+ len = snprintf(kp, ks, "(&%s", uri->filter.bv_val);
+ assert( len >= 0 && len < ks );
+ kp += len;
+ }
+ len = snprintf(kp, ks - (kp - key), "(|");
+ assert( len >= 0 && len < ks - (kp - key) );
+ kp += len;
for(m = op->orm_modlist; m; m = m->sml_next)
if ( (m->sml_op & LDAP_MOD_OP)
m->sml_desc,
m->sml_values,
kp,
+ ks - (kp - key),
op->o_tmpmemctx );
- kp += sprintf (kp, ")");
- if ( uri->filter && uri->filter->bv_len )
- kp += sprintf (kp, ")");
+ len = snprintf(kp, ks - (kp - key), ")");
+ assert( len >= 0 && len < ks - (kp - key) );
+ kp += len;
+ if ( uri->filter.bv_val && uri->filter.bv_len ) {
+ len = snprintf (kp, ks - (kp - key), ")");
+ assert( len >= 0 && len < ks - (kp - key) );
+ kp += len;
+ }
+ bvkey.bv_val = key;
+ bvkey.bv_len = kp - key;
rc = unique_search ( op,
&nop,
- uri->ndn ?
- uri->ndn :
+ uri->ndn.bv_val ?
+ &uri->ndn :
&op->o_bd->be_nsuffix[0],
uri->scope,
rs,
- key);
+ &bvkey);
if ( rc != SLAP_CB_CONTINUE ) break;
}
unique_domain *domain;
Operation nop = *op;
char *key, *kp;
+ struct berval bvkey;
LDAPRDN newrdn;
struct berval bv[2];
int rc = SLAP_CB_CONTINUE;
for ( domain = legacy ? legacy : domains;
domain;
- domain = domain->next ) {
+ domain = domain->next )
+ {
unique_domain_uri *uri;
- int ks = 0;
+ int ks = STRLENOF("(|)");
for ( uri = domain->uri;
uri;
- uri = uri->next ) {
- int i;
+ uri = uri->next )
+ {
+ int i, len;
- if ( uri->ndn
- && !dnIsSuffix( &op->o_req_ndn, uri->ndn )
+ if ( uri->ndn.bv_val
+ && !dnIsSuffix( &op->o_req_ndn, &uri->ndn )
&& (!op->orr_nnewSup
- || !dnIsSuffix( op->orr_nnewSup, uri->ndn )))
+ || !dnIsSuffix( op->orr_nnewSup, &uri->ndn )))
continue;
if ( ldap_bv2rdn_x ( &op->oq_modrdn.rs_newrdn,
/* skip this domain if it isn't involved */
if ( !ks ) continue;
- if ( uri->filter && uri->filter->bv_len )
- ks += uri->filter->bv_len + STRLENOF ("(&)");
+ /* terminating NUL */
+ ks++;
+
+ if ( uri->filter.bv_val && uri->filter.bv_len )
+ ks += uri->filter.bv_len + STRLENOF ("(&)");
kp = key = op->o_tmpalloc(ks, op->o_tmpmemctx);
- if ( uri->filter && uri->filter->bv_len )
- kp += sprintf (kp, "(&%s", uri->filter->bv_val);
- kp += sprintf(kp, "(|");
+ if ( uri->filter.bv_val && uri->filter.bv_len ) {
+ len = snprintf(kp, ks, "(&%s", uri->filter.bv_val);
+ assert( len >= 0 && len < ks );
+ kp += len;
+ }
+ len = snprintf(kp, ks - (kp - key), "(|");
+ assert( len >= 0 && len < ks - (kp - key) );
+ kp += len;
for ( i=0; newrdn[i]; i++) {
bv[0] = newrdn[i]->la_value;
newrdn[i]->la_private,
bv,
kp,
+ ks - (kp - key ),
op->o_tmpmemctx);
}
- kp += sprintf(kp, ")");
- if ( uri->filter && uri->filter->bv_len )
- kp += sprintf (kp, ")");
+ len = snprintf(kp, ks - (kp - key), ")");
+ assert( len >= 0 && len < ks - (kp - key) );
+ kp += len;
+ if ( uri->filter.bv_val && uri->filter.bv_len ) {
+ len = snprintf (kp, ks - (kp - key), ")");
+ assert( len >= 0 && len < ks - (kp - key) );
+ kp += len;
+ }
+ bvkey.bv_val = key;
+ bvkey.bv_len = kp - key;
rc = unique_search ( op,
&nop,
- uri->ndn ?
- uri->ndn :
+ uri->ndn.bv_val ?
+ &uri->ndn :
&op->o_bd->be_nsuffix[0],
uri->scope,
rs,
- key);
+ &bvkey);
if ( rc != SLAP_CB_CONTINUE ) break;
}