.B ignore ldap:///...
URIs are intentionally not hardcoded into the overlay to allow for
maximum flexibility in meeting site-specific requirements.
+.LP
+Replication and operations with
+.B manageDsaIt
+control are allowed to bypass this enforcement. It is therefore important that
+all servers accepting writes have this overlay configured in order to maintain
+uniqueness in a replicated DIT.
.SH FILES
.TP
ETCDIR/slapd.conf
Debug(LDAP_DEBUG_TRACE, "==> unique_add <%s>\n",
op->o_req_dn.bv_val, 0, 0);
+ /* skip the checks if the operation has manageDsaIt control in it
+ * (for replication) */
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
+ return rc;
+ }
+
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
Debug(LDAP_DEBUG_TRACE, "==> unique_modify <%s>\n",
op->o_req_dn.bv_val, 0, 0);
+ /* skip the checks if the operation has manageDsaIt control in it
+ * (for replication) */
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
+ return rc;
+ }
+
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
Debug(LDAP_DEBUG_TRACE, "==> unique_modrdn <%s> <%s>\n",
op->o_req_dn.bv_val, op->orr_newrdn.bv_val, 0);
+ /* skip the checks if the operation has manageDsaIt control in it
+ * (for replication) */
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
+ return rc;
+ }
+
for ( domain = legacy ? legacy : domains;
domain;
domain = domain->next )
projects / openldap / commitdiff