+ struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
+ int rc;
+ ber_int_t msgid;
+
+ ldap_pvt_thread_mutex_lock( &lc->lc_mutex );
+ if ( !lc->bound ) {
+#ifdef LDAP_BACK_PROXY_AUTHZ
+ int gotit = 0;
+#if 0
+ /*
+ * FIXME: we need to let clients use proxyAuthz
+ * otherwise we cannot do symmetric pools of servers;
+ * we have to live with the fact that a user can
+ * authorize itself as any ID that is allowed
+ * by the saslAuthzTo directive of the "proxyauthzdn".
+ */
+ /*
+ * NOTE: current Proxy Authorization specification
+ * and implementation do not allow proxy authorization
+ * control to be provided with Bind requests
+ */
+ gotit = op->o_proxy_authz;
+#endif
+
+ /*
+ * if no bind took place yet, but the connection is bound
+ * and the "proxyauthzdn" is set, then bind as
+ * "proxyauthzdn" and explicitly add the proxyAuthz
+ * control to every operation with the dn bound
+ * to the connection as control value.
+ */
+ if ( ( lc->bound_dn.bv_val == NULL || lc->bound_dn.bv_len == 0 )
+ && ( op->o_conn && op->o_conn->c_dn.bv_val != NULL && op->o_conn->c_dn.bv_len != 0 )
+ && ( li->proxyauthzdn.bv_val != NULL && li->proxyauthzdn.bv_len != 0 )
+ && ! gotit ) {
+ rs->sr_err = ldap_sasl_bind(lc->ld, li->proxyauthzdn.bv_val,
+ LDAP_SASL_SIMPLE, &li->proxyauthzpw, NULL, NULL, &msgid);
+
+ } else
+#endif /* LDAP_BACK_PROXY_AUTHZ */
+ {
+ rs->sr_err = ldap_sasl_bind(lc->ld, lc->bound_dn.bv_val,
+ LDAP_SASL_SIMPLE, &lc->cred, NULL, NULL, &msgid);
+ }
+
+ rc = ldap_back_op_result( lc, op, rs, msgid, 0 );
+ if (rc == LDAP_SUCCESS) {
+ lc->bound = 1;