ITS#9100 relax domainScope check for absent value

diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index 30e28136ceeee99a35ada197563ad050df020593..0775f35db2c2260997c2bc362b0a1c910edaee84 100644 (file)
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -1660,7 +1660,11 @@ static int parseDomainScope (
                return LDAP_PROTOCOL_ERROR;
        }
 
-       if ( !BER_BVISNULL( &ctrl->ldctl_value )) {
+       /* this should be checking BVISNULL, but M$ clients are broken
+        * and include the value even though the M$ spec says it must be
+        * omitted. ITS#9100.
+        */
+       if ( !BER_BVISEMPTY( &ctrl->ldctl_value )) {
                rs->sr_text = "domainScope control value not absent";
                return LDAP_PROTOCOL_ERROR;
        }