From 6730080081f82d3afda28f8c558f815f4d9aa0ac Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@openldap.org>
Date: Thu, 5 Dec 2002 12:25:16 +0000
Subject: [PATCH] Allow the root DN to switch to any authorization identity.

---
 servers/slapd/saslauthz.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index c2e2200bee..2bf375c5b3 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -679,6 +679,12 @@ int slap_sasl_authorized( Connection *conn,
 		goto DONE;
 	}
 
+	/* Allow the manager to authorize as any DN. */
+	if( be_isroot( conn->c_authz_backend, authcDN )) {
+		rc = LDAP_SUCCESS;
+		goto DONE;
+	}
+
 	/* Check source rules */
 	if( authz_policy & SASL_AUTHZ_TO ) {
 		rc = slap_sasl_check_authz( conn, authcDN, authzDN,
-- 
2.39.5