Allow the root DN to switch to any authorization identity.

author Luke Howard <lukeh@openldap.org>

Thu, 5 Dec 2002 12:25:16 +0000 (12:25 +0000)

committer Luke Howard <lukeh@openldap.org>

Thu, 5 Dec 2002 12:25:16 +0000 (12:25 +0000)
author Luke Howard <lukeh@openldap.org>
Thu, 5 Dec 2002 12:25:16 +0000 (12:25 +0000)
committer Luke Howard <lukeh@openldap.org>
Thu, 5 Dec 2002 12:25:16 +0000 (12:25 +0000)
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c

index c2e2200beea83ee011843371c6d19d2e517a76fc..2bf375c5b30dbb088e71ee365f77959cccdac770 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -679,6 +679,12 @@ int slap_sasl_authorized( Connection *conn,
                 goto DONE;
         }
  
+       /* Allow the manager to authorize as any DN. */
+       if( be_isroot( conn->c_authz_backend, authcDN )) {
+               rc = LDAP_SUCCESS;
+               goto DONE;
+       }
+
         /* Check source rules */
         if( authz_policy & SASL_AUTHZ_TO ) {
                 rc = slap_sasl_check_authz( conn, authcDN, authzDN,
author	Luke Howard <lukeh@openldap.org>
	Thu, 5 Dec 2002 12:25:16 +0000 (12:25 +0000)
committer	Luke Howard <lukeh@openldap.org>
	Thu, 5 Dec 2002 12:25:16 +0000 (12:25 +0000)