ITS#7249 Disallow memberof-addcheck when memberof is global

author Ondřej Kuzník <ondra@mistotebe.net>

Thu, 16 Jan 2025 15:27:20 +0000 (15:27 +0000)

committer Quanah Gibson-Mount <quanah@openldap.org>

Wed, 19 Feb 2025 17:29:04 +0000 (17:29 +0000)
author Ondřej Kuzník <ondra@mistotebe.net>
Thu, 16 Jan 2025 15:27:20 +0000 (15:27 +0000)
committer Quanah Gibson-Mount <quanah@openldap.org>
Wed, 19 Feb 2025 17:29:04 +0000 (17:29 +0000)
diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c

index 391c94ee0c5ea641d3b1256f93d061b313637c94..e50457ba17afb246c44b2473d2eb8af793b81bc1 100644 (file)
--- a/servers/slapd/overlays/memberof.c
+++ b/servers/slapd/overlays/memberof.c
@@ -2151,6 +2151,15 @@ mo_cf_gen( ConfigArgs *c )
  
                 case MO_ADDCHECK:
                         if ( c->value_int ) {
+                               if ( SLAP_ISGLOBALOVERLAY( c->be ) ) {
+                                       snprintf( c->cr_msg, sizeof( c->cr_msg ),
+                                               "addcheck functionality not supported "
+                                               "when memberof is a global overlay",
+                                               c->argv[ 1 ] );
+                                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+                                               c->log, c->cr_msg );
+                                       return 1;
+                               }
                                 mo->mo_flags |= MEMBEROF_FADDCHECK;
  
                         } else {
author	Ondřej Kuzník <ondra@mistotebe.net>
	Thu, 16 Jan 2025 15:27:20 +0000 (15:27 +0000)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Wed, 19 Feb 2025 17:29:04 +0000 (17:29 +0000)