+ if( (rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+ "do_bind: conn %d get_ctrls failed\n", conn->c_connid ));
+#else
+ Debug( LDAP_DEBUG_ANY, "do_bind: get_ctrls failed\n", 0, 0, 0 );
+#endif
+ goto cleanup;
+ }
+
+ rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
+ if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+ "do_bind: conn %d invalid dn (%s)\n",
+ conn->c_connid, dn.bv_val ));
+#else
+ Debug( LDAP_DEBUG_ANY, "bind: invalid dn (%s)\n",
+ dn.bv_val, 0, 0 );
+#endif
+ send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+ "invalid DN", NULL, NULL );
+ goto cleanup;
+ }
+
+ if( method == LDAP_AUTH_SASL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
+ "do_sasl_bind: conn %d dn (%s) mech %s\n", conn->c_connid,
+ pdn.bv_val, mech.bv_val ));
+#else
+ Debug( LDAP_DEBUG_TRACE, "do_sasl_bind: dn (%s) mech %s\n",
+ pdn.bv_val, mech.bv_val, NULL );
+#endif
+
+ } else {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
+ "do_bind: conn %d version=%ld dn=\"%s\" method=%ld\n",
+ conn->c_connid, (unsigned long) version,
+ pdn.bv_val, (unsigned long)method ));
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: version=%ld dn=\"%s\" method=%ld\n",
+ (unsigned long) version,
+ pdn.bv_val, (unsigned long) method );
+#endif
+ }
+
+ Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d BIND dn=\"%s\" method=%ld\n",
+ op->o_connid, op->o_opid, pdn.bv_val, (unsigned long) method, 0 );
+
+ if ( version < LDAP_VERSION_MIN || version > LDAP_VERSION_MAX ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+ "do_bind: conn %d unknown version = %ld\n",
+ conn->c_connid, (unsigned long)version ));
+#else
+ Debug( LDAP_DEBUG_ANY, "do_bind: unknown version=%ld\n",
+ (unsigned long) version, 0, 0 );
+#endif
+ send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
+ NULL, "requested protocol version not supported", NULL, NULL );
+ goto cleanup;
+
+ } else if (!( global_allows & SLAP_ALLOW_BIND_V2 ) &&
+ version < LDAP_VERSION3 )
+ {
+ send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
+ NULL, "requested protocol version not allowed", NULL, NULL );
+ goto cleanup;
+ }
+
+ /* we set connection version regardless of whether bind succeeds
+ * or not.
+ */
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+ conn->c_protocol = version;
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+
+ /* check for inappropriate controls */
+ if( get_manageDSAit( op ) == SLAP_CRITICAL_CONTROL ) {
+ send_ldap_result( conn, op,
+ rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
+ NULL, "manageDSAit control inappropriate",
+ NULL, NULL );
+ goto cleanup;
+ }
+
+ if ( method == LDAP_AUTH_SASL ) {
+ slap_ssf_t ssf = 0;
+
+ if ( version < LDAP_VERSION3 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+ "do_bind: conn %d sasl with LDAPv%ld\n",
+ conn->c_connid, (unsigned long)version ));
+#else
+ Debug( LDAP_DEBUG_ANY, "do_bind: sasl with LDAPv%ld\n",
+ (unsigned long) version, 0, 0 );
+#endif
+ send_ldap_disconnect( conn, op,
+ LDAP_PROTOCOL_ERROR, "SASL bind requires LDAPv3" );
+ rc = SLAPD_DISCONNECT;
+ goto cleanup;