From: Luke Howard <lukeh@openldap.org>
Date: Thu, 5 Dec 2002 12:25:16 +0000 (+0000)
Subject: Allow the root DN to switch to any authorization identity.
X-Git-Tag: NO_SLAP_OP_BLOCKS~717
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6730080081f82d3afda28f8c558f815f4d9aa0ac;p=openldap

Allow the root DN to switch to any authorization identity.
---

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index c2e2200bee..2bf375c5b3 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -679,6 +679,12 @@ int slap_sasl_authorized( Connection *conn,
 		goto DONE;
 	}
 
+	/* Allow the manager to authorize as any DN. */
+	if( be_isroot( conn->c_authz_backend, authcDN )) {
+		rc = LDAP_SUCCESS;
+		goto DONE;
+	}
+
 	/* Check source rules */
 	if( authz_policy & SASL_AUTHZ_TO ) {
 		rc = slap_sasl_check_authz( conn, authcDN, authzDN,