From a784e4d054d0da14e5375c13c76bde9b5a6b38ba Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Sat, 8 Jun 2002 18:04:43 +0000
Subject: [PATCH] Add rootdn check when rootpw is set.

---
 servers/slapd/config.c | 42 +++++++++++++++++++++++++++++++-----------
 1 file changed, 31 insertions(+), 11 deletions(-)

diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index d89f9cb21b..d6985fdf0c 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -1222,30 +1222,50 @@ read_config( const char *fname )
 			if ( cargc < 2 ) {
 #ifdef NEW_LOGGING
 				LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
-					   "%s: line %d: missing passwd in \"rootpw <passwd>\""
-					   " line\n", fname, lineno ));
+					"%s: line %d: missing passwd in \"rootpw <passwd>\""
+					" line\n", fname, lineno ));
 #else
-				Debug( LDAP_DEBUG_ANY,
-	    "%s: line %d: missing passwd in \"rootpw <passwd>\" line\n",
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+					"missing passwd in \"rootpw <passwd>\" line\n",
 				    fname, lineno, 0 );
 #endif
 
 				return( 1 );
 			}
+
 			if ( be == NULL ) {
 #ifdef NEW_LOGGING
-				LDAP_LOG(( "config", LDAP_LEVEL_INFO,
-					   "%s: line %d: rootpw line must appear inside a database "
-					   "definition (ignored)\n", fname, lineno ));
+				LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
+					"rootpw line must appear inside a database "
+					"definition (ignored)\n", fname, lineno ));
 #else
-				Debug( LDAP_DEBUG_ANY,
-"%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+					"rootpw line must appear inside a database "
+					"definition (ignored)\n",
 				    fname, lineno, 0 );
 #endif
 
 			} else {
-				be->be_rootpw.bv_val = ch_strdup( cargv[1] );
-				be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
+				Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
+
+				if( tmp_be != be ) {
+#ifdef NEW_LOGGING
+					LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+						"%s: line %d: "
+						"rootpw cannot be set when rootdn not under suffix "
+						"(ignored)\n",
+						fname, lineno ));
+#else
+					Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+						"rootpw cannot be set when rootdn not under suffix"
+						"(ignored)\n",
+				    	fname, lineno, 0 );
+#endif
+
+				} else {
+					be->be_rootpw.bv_val = ch_strdup( cargv[1] );
+					be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
+				}
 			}
 
 		/* make this database read-only */
-- 
2.39.5