https://bugzilla.redhat.com/show_bug.cgi?id=536703
https://bugzilla.redhat.com/attachment.cgi?id=386207&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=386207&action=edit
>From 4d93699a71acb061c5787d2b8b61a0417ce02808 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@xxxxxxxxxx>
Date: Fri, 22 Jan 2010 09:37:08 -0800
Subject: [PATCH] Bug 536703 - Don't send empty mod to AD for mapped DN values
When using winsync, setting a mapped DN attribute (such as seeAlso) to
a DN outside the scope of the sync agreement causes an empty modify
operation to be sent to AD. This causes AD to respond with LDAP error
89, which triggers the update to abort.
The problem is that windows_update_remote_entry() uses a flag to
determine if it has a modify to send to AD. This flag is set by
windows_generate_update_mods(), but the mods are empty since it is
detecting that the DN used in seeAlso is not in the scope of the sync
agreement.
The fix is to only set the modify flag if we actually have mods to send.
---
.../plugins/replication/windows_protocol_util.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
index 2c31c4f..537e453 100644
--- a/ldap/servers/plugins/replication/windows_protocol_util.c
+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
@@ -3818,7 +3818,11 @@ windows_generate_update_mods(Private_Repl_Protocol *prp,Slapi_Entry *remote_entr
slapi_mods_add_mod_values(smods,LDAP_MOD_ADD,local_type,valueset_get_valuearray(vs));
}
}
- *do_modify = 1;
+
+ /* Only set the do_modify flag if smods is not empty */
+ if (slapi_mods_get_num_mods(smods) > 0) {
+ *do_modify = 1;
+ }
}
}
--
1.6.2.5
--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel
