[Note: The previous patch did not fix the problem when
the consumer's access was restricted to the replicated
subtree. This patch fixes that.]
Perform the internal FIND_CSN search based at the backend's suffix with the
privileges of the backend's root DN.
---
servers/slapd/overlays/syncprov.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/servers/slapd/overlays/syncprov.c
b/servers/slapd/overlays/syncprov.c
index 0c148f9..a058e19 100644
--- a/servers/slapd/overlays/syncprov.c
+++ b/servers/slapd/overlays/syncprov.c
@@ -661,6 +661,8 @@ again:
if ( BER_BVISEMPTY( &cf.f_av_value )) {
cf.f_av_value = *csn;
}
+ fop.o_dn = op->o_bd->be_rootdn;
+ fop.o_ndn = op->o_bd->be_rootndn;
fop.o_req_dn = op->o_bd->be_suffix[0];
fop.o_req_ndn = op->o_bd->be_nsuffix[0];
/* Look for exact match the first time */
--
1.7.1.1
