From: Howard Chu <hyc@openldap.org>
Date: Fri, 2 Sep 2005 20:23:32 +0000 (+0000)
Subject: Bypass all add/modify checks on replicas, the master has done them already.
X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~500
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=f1561ac4b5d79bcc994972a914da0df723d93031;p=openldap

Bypass all add/modify checks on replicas, the master has done them already.
---

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 006631cb8a..cc5cb9d409 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -1060,6 +1060,10 @@ ppolicy_add(
 	if ( ppolicy_restrict( op, rs ) != SLAP_CB_CONTINUE )
 		return rs->sr_err;
 
+	/* If this is a replica, assume the master checked everything */
+	if ( be_shadow_update( op ))
+		return SLAP_CB_CONTINUE;
+
 	/* Check for password in entry */
 	if ((pa = attr_find( op->oq_add.rs_e->e_attrs,
 		slap_schema.si_ad_userPassword )))
@@ -1126,7 +1130,7 @@ ppolicy_add(
 			}
 		}
 		/* If password aging is in effect, set the pwdChangedTime */
-		if (( pp.pwdMaxAge || pp.pwdMinAge ) && !be_shadow_update( op )) {
+		if ( pp.pwdMaxAge || pp.pwdMinAge ) {
 			struct berval timestamp;
 			char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
 			time_t now = slap_get_time();
@@ -1159,6 +1163,10 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 				*bv, cr[2];
 	LDAPPasswordPolicyError pErr = PP_noError;
 
+	/* If this is a replica, assume the master checked everything */
+	if ( be_shadow_update( op ))
+		return SLAP_CB_CONTINUE;
+
 	op->o_bd->bd_info = (BackendInfo *)on->on_info;
 	rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
 	op->o_bd->bd_info = (BackendInfo *)on;
@@ -1434,7 +1442,7 @@ ppolicy_modify( Operation *op, SlapReply *rs )
 	}
 
 do_modify:
-	if ((pwmod) && (!be_shadow_update( op ))) {
+	if (pwmod) {
 		struct berval timestamp;
 		char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
 		time_t now = slap_get_time();