-{
- if ( be_isroot_pw( be, dn, cred ) ) {
- /* front end will send result */
- return( 0 );
- }
- send_ldap_result( conn, op, LDAP_INVALID_CREDENTIALS,
- NULL, NULL );
- cache_return_entry( &li->li_cache, e );
- return( 1 );
+ goto return_results;
+ }
+
+ if ( is_entry_referral( e ) ) {
+ /* entry is a referral, don't allow bind */
+ Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
+
+ rc = LDAP_INVALID_CREDENTIALS;
+ goto return_results;
+ }
+
+ switch ( op->oq_bind.rb_method ) {
+ case LDAP_AUTH_SIMPLE:
+ if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
+ /* stop front end from sending result */
+ rc = LDAP_INVALID_CREDENTIALS;
+ goto return_results;
+ }
+
+ if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
+ &rs->sr_text ) != 0 )
+ {
+ /* failure; stop front end from sending result */
+ rc = LDAP_INVALID_CREDENTIALS;
+ goto return_results;