From: Howard Chu <hyc@openldap.org>
Date: Mon, 28 Oct 2019 19:01:36 +0000 (+0000)
Subject: ITS#9100 relax domainScope check for absent value
X-Git-Tag: OPENLDAP_REL_ENG_2_5_0ALPHA~67^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=230b4696691b67a84bc8309775c789a40fdcc4ff;p=thirdparty%2Fopenldap.git

ITS#9100 relax domainScope check for absent value
---

diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
index dad24e1f3f..8fcf6e7aa4 100644
--- a/servers/slapd/controls.c
+++ b/servers/slapd/controls.c
@@ -1714,7 +1714,11 @@ static int parseDomainScope (
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( !BER_BVISNULL( &ctrl->ldctl_value )) {
+	/* this should be checking BVISNULL, but M$ clients are broken
+	 * and include the value even though the M$ spec says it must be
+	 * omitted. ITS#9100.
+	 */
+	if ( !BER_BVISEMPTY( &ctrl->ldctl_value )) {
 		rs->sr_text = "domainScope control value not absent";
 		return LDAP_PROTOCOL_ERROR;
 	}