From: Howard Chu <hyc@openldap.org>
Date: Mon, 19 Oct 2020 13:03:41 +0000 (+0100)
Subject: ITS#9370 check for equality rule on old_rdn
X-Git-Tag: OPENLDAP_REL_ENG_2_5_1ALPHA~18^2~241
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a08a2db4063f54a6217a0f091aebd02f8bdb482e;p=thirdparty%2Fopenldap.git

ITS#9370 check for equality rule on old_rdn

We should probably just check in dnNormalize instead, and catch
this everywhere DNs are received. It might make us reject some
DNs that are already in use, though (e.g. received from other
directory servers that don't do schema checking).
---

diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
index 68e08ce882..fbd7639f42 100644
--- a/servers/slapd/modrdn.c
+++ b/servers/slapd/modrdn.c
@@ -499,6 +499,16 @@ slap_modrdn2mods(
 					old_rdn[d_cnt]->la_attr.bv_val );
 				goto done;		
 			}
+			if ( !desc->ad_type->sat_equality ) {
+				Debug( LDAP_DEBUG_TRACE,
+					"%s slap_modrdn2mods: %s: %s (old)\n",
+					op->o_log_prefix,
+					rs->sr_text,
+					old_rdn[ d_cnt ]->la_attr.bv_val );
+				rs->sr_text = "naming attribute has no equality matching rule";
+				rs->sr_err = LDAP_NAMING_VIOLATION;
+				goto done;
+			}
 
 			/* Apply modification */
 			mod_tmp = ( Modifications * )ch_malloc( sizeof( Modifications ) );