From: Kurt Zeilenga <kurt@openldap.org>
Date: Sat, 28 Oct 2006 03:52:53 +0000 (+0000)
Subject: RFC 4511 calls for unavailableCriticalExtension to returned when
X-Git-Tag: OPENLDAP_REL_ENG_2_3_MP~28
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=672f8ef3f39ed6008c1ff267847e32de59c5eeaf;p=openldap

RFC 4511 calls for unavailableCriticalExtension to returned when
a server is unwilling to make use of a known critical control.
---

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 64a23ab1d2..8721ab1aff 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -852,18 +852,13 @@ backend_check_controls(
 
 			case LDAP_COMPARE_FALSE:
 				if ( !op->o_bd->be_ctrls[cid] && (*ctrls)->ldctl_iscritical ) {
-					/* Per RFC 2251 (and LDAPBIS discussions), if the control
-					 * is recognized and appropriate for the operation (which
-					 * we've already verified), then the server should make
-					 * use of the control when performing the operation.
-					 * 
-					 * Here we find that operation extended by the control
-					 * is unavailable in a particular context, and the control
-					 * is marked Critical, hence the return of
-					 * unwillingToPerform.
+					/* RFC 4511 allows unavailableCriticalExtension to be
+					 * returned when the server is unwilling to perform
+					 * an operation extended by a recognized critical
+					 * control.
 					 */
 					rs->sr_text = "critical control unavailable in context";
-					rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+					rs->sr_err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
 					goto done;
 				}
 				break;