X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fcompare.c;h=f69c162527bc7970e493eb3cde24e13f8128d558;hb=c92571680d87dc87cfe533bc3378d00ae3683141;hp=bbe9774e1dd6f2526cf1c5afbdab10ab06059bfb;hpb=7f826af5fd925b04e993bbe23479b136d4517ef0;p=openldap

diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c
index bbe9774e1d..f69c162527 100644
--- a/servers/slapd/compare.c
+++ b/servers/slapd/compare.c
@@ -243,7 +243,13 @@ fe_op_compare( Operation *op, SlapReply *rs )
 		ava.aa_desc->ad_cname.bv_val, 0, 0 );
 
 	op->orc_ava = &ava;
-	if ( ava.aa_desc == slap_schema.si_ad_entryDN ) {
+
+	if ( SLAP_SHADOW(op->o_bd) && get_dontUseCopy(op) ) {
+		/* don't use shadow copy */
+		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+			"copy not used" );
+
+	} else if ( ava.aa_desc == slap_schema.si_ad_entryDN ) {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 			"entryDN compare not supported" );
 
@@ -284,7 +290,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
 			}
 
 		} else {
-#ifdef SLAP_ACL_HONOR_DISCLOSE
 			/* return error only if "disclose"
 			 * is granted on the object */
 			if ( backend_access( op, NULL, &op->o_req_ndn,
@@ -293,7 +298,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
 			{
 				rs->sr_err = LDAP_NO_SUCH_OBJECT;
 			}
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
 		}
 
 		send_ldap_result( op, rs );
@@ -328,7 +332,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
 				ava.aa_desc, &vals, ACL_COMPARE );
 		switch ( rs->sr_err ) {
 		default:
-#ifdef SLAP_ACL_HONOR_DISCLOSE
 			/* return error only if "disclose"
 			 * is granted on the object */
 			if ( backend_access( op, NULL, &op->o_req_ndn,
@@ -338,7 +341,6 @@ fe_op_compare( Operation *op, SlapReply *rs )
 			{
 				rs->sr_err = LDAP_NO_SUCH_OBJECT;
 			}
-#endif /* SLAP_ACL_HONOR_DISCLOSE */
 			break;
 
 		case LDAP_SUCCESS:
@@ -416,7 +418,6 @@ static int compare_entry(
 	}
 
 done:
-#ifdef LDAP_ACL_HONOR_DISCLOSE
 	if( rc != LDAP_COMPARE_TRUE && rc != LDAP_COMPARE_FALSE ) {
 		if ( ! access_allowed( op, e,
 			slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) )
@@ -424,7 +425,6 @@ done:
 			rc = LDAP_NO_SUCH_OBJECT;
 		}
 	}
-#endif
 
 	return rc;
 }