if (ac->schema != NULL) {
unsigned int linkID = 0;
+ bool is_schema_update = false;
/*
* Notice: by the normalization function call in "ldb_request()"
* case "LDB_ADD" we have always only *one* "objectClass"
* "attributeSchema" objects. So truncate if it does not fit. */
if (ldb_attr_cmp(objectclass->lDAPDisplayName, "attributeSchema") == 0) {
systemFlags_allowed |= SYSTEM_FLAG_ATTR_IS_RDN;
+ is_schema_update = true;
+ }
+
+ if (ldb_attr_cmp(objectclass->lDAPDisplayName, "classSchema") == 0) {
+ is_schema_update = true;
+ }
+
+ if (is_schema_update) {
+ is_schema_update = dsdb_schema_upgrade_in_progress(ldb);
+ }
+ if (is_schema_update) {
+ /*
+ * Allow everything if we're in schemaUpgradeInProgress
+ * mode, but keep the SYSTEM_FLAG_ATTR_IS_RDN bit.
+ */
+ systemFlags_allowed |= ~SYSTEM_FLAG_ATTR_IS_RDN;
}
if (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) != NULL) {