From a08a2db4063f54a6217a0f091aebd02f8bdb482e Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Mon, 19 Oct 2020 14:03:41 +0100
Subject: [PATCH] ITS#9370 check for equality rule on old_rdn

We should probably just check in dnNormalize instead, and catch
this everywhere DNs are received. It might make us reject some
DNs that are already in use, though (e.g. received from other
directory servers that don't do schema checking).
---
 servers/slapd/modrdn.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
index 68e08ce882..fbd7639f42 100644
--- a/servers/slapd/modrdn.c
+++ b/servers/slapd/modrdn.c
@@ -499,6 +499,16 @@ slap_modrdn2mods(
 					old_rdn[d_cnt]->la_attr.bv_val );
 				goto done;		
 			}
+			if ( !desc->ad_type->sat_equality ) {
+				Debug( LDAP_DEBUG_TRACE,
+					"%s slap_modrdn2mods: %s: %s (old)\n",
+					op->o_log_prefix,
+					rs->sr_text,
+					old_rdn[ d_cnt ]->la_attr.bv_val );
+				rs->sr_text = "naming attribute has no equality matching rule";
+				rs->sr_err = LDAP_NAMING_VIOLATION;
+				goto done;
+			}
 
 			/* Apply modification */
 			mod_tmp = ( Modifications * )ch_malloc( sizeof( Modifications ) );
-- 
2.47.3