ITS#5881 consumer must use ManageDSAiT control to retrieve referrals

as entries. provider must preserve incoming ManageDSAiT status.

diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
index d7c857b6bae578b040ab509fd131bd9d0de28f7b..ef20194d89b8970032ed1aa890a6aae532e9aaf8 100644 (file)
--- a/servers/slapd/overlays/syncprov.c
+++ b/servers/slapd/overlays/syncprov.c
@@ -800,7 +800,7 @@ syncprov_sendresp( Operation *op, opcookie *opc, syncops *so,
                rs.sr_entry = *e;
                if ( rs.sr_entry->e_private )
                        rs.sr_flags = REP_ENTRY_MUSTRELEASE;
-               if ( opc->sreference ) {
+               if ( opc->sreference && so->s_op->o_managedsait <= SLAP_CONTROL_IGNORED ) {
                        rs.sr_ref = get_entry_referrals( op, rs.sr_entry );
                        rs.sr_err = send_search_reference( op, &rs );
                        ber_bvarray_free( rs.sr_ref );
@@ -823,7 +823,7 @@ syncprov_sendresp( Operation *op, opcookie *opc, syncops *so,
                e_uuid.e_name = opc->sdn;
                e_uuid.e_nname = opc->sndn;
                rs.sr_entry = &e_uuid;
-               if ( opc->sreference ) {
+               if ( opc->sreference && so->s_op->o_managedsait <= SLAP_CONTROL_IGNORED ) {
                        struct berval bv = BER_BVNULL;
                        rs.sr_ref = &bv;
                        rs.sr_err = send_search_reference( op, &rs );
@@ -1949,6 +1949,7 @@ syncprov_detach_op( Operation *op, syncops *so, slap_overinst *on )
        op2->o_time = op->o_time;
        op2->o_bd = on->on_info->oi_origdb;
        op2->o_request = op->o_request;
+       op2->o_managedsait = op->o_managedsait;
        LDAP_SLIST_FIRST(&op2->o_extra)->oe_key = on;
        LDAP_SLIST_NEXT(LDAP_SLIST_FIRST(&op2->o_extra), oe_next) = NULL;
 
@@ -2175,7 +2176,6 @@ syncprov_op_search( Operation *op, SlapReply *rs )
        }
 
        srs = op->o_controls[slap_cids.sc_LDAPsync];
-       op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
 
        /* If this is a persistent search, set it up right away */
        if ( op->o_sync_mode & SLAP_SYNC_PERSIST ) {

diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c
index bfc565ba9beb2990bba684c9e10c51dff6378120..8492e5477b5193a1e0af452f4e4ba5b75e28727d 100644 (file)
--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@@ -343,7 +343,7 @@ ldap_sync_search(
 {
        BerElementBuffer berbuf;
        BerElement *ber = (BerElement *)&berbuf;
-       LDAPControl c[2], *ctrls[3];
+       LDAPControl c[3], *ctrls[4];
        int rc;
        int rhint;
        char *base;
@@ -417,14 +417,19 @@ ldap_sync_search(
        c[0].ldctl_iscritical = si->si_type < 0;
        ctrls[0] = &c[0];
 
+       c[1].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
+       BER_BVZERO( &c[1].ldctl_value );
+       c[1].ldctl_iscritical = 1;
+       ctrls[1] = &c[1];
+
        if ( !BER_BVISNULL( &si->si_bindconf.sb_authzId ) ) {
-               c[1].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
-               c[1].ldctl_value = si->si_bindconf.sb_authzId;
-               c[1].ldctl_iscritical = 1;
-               ctrls[1] = &c[1];
-               ctrls[2] = NULL;
+               c[2].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
+               c[2].ldctl_value = si->si_bindconf.sb_authzId;
+               c[2].ldctl_iscritical = 1;
+               ctrls[2] = &c[2];
+               ctrls[3] = NULL;
        } else {
-               ctrls[1] = NULL;
+               ctrls[2] = NULL;
        }
 
        rc = ldap_search_ext( si->si_ld, base, scope, filter, attrs, attrsonly,
@@ -583,6 +588,8 @@ do_syncrep1(
        rc = LDAP_DEREF_NEVER;  /* actually could allow DEREF_FINDING */
        ldap_set_option( si->si_ld, LDAP_OPT_DEREF, &rc );
 
+       ldap_set_option( si->si_ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
+
        si->si_syncCookie.rid = si->si_rid;
 
        /* whenever there are multiple data sources possible, advertise sid */