+ }
+
+ if ( method == LDAP_AUTH_SIMPLE ) {
+ /* accept "anonymous" binds */
+ if ( cred.bv_len == 0 || ndn.bv_len == 0 ) {
+ rc = LDAP_SUCCESS;
+ text = NULL;
+
+ if( cred.bv_len &&
+ !( global_allows & SLAP_ALLOW_BIND_ANON_CRED ))
+ {
+ /* cred is not empty, disallow */
+ rc = LDAP_INVALID_CREDENTIALS;
+
+ } else if ( ndn.bv_len &&
+ !( global_allows & SLAP_ALLOW_BIND_ANON_DN ))
+ {
+ /* DN is not empty, disallow */
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ text = "unwilling to allow anonymous bind with non-empty DN";
+
+ } else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
+ /* disallow */
+ rc = LDAP_INAPPROPRIATE_AUTH;
+ text = "anonymous bind disallowed";
+
+ } else {
+ rc = backend_check_restrictions( NULL, conn, op, mech.bv_val, &text );
+ }
+
+ /*
+ * we already forced connection to "anonymous",
+ * just need to send success
+ */
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_DETAIL1,
+ "do_bind: conn %d v%d anonymous bind\n",
+ conn->c_connid, version ));
+#else
+ Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
+ version, 0, 0 );
+#endif
+ goto cleanup;
+
+ } else if ( global_disallows & SLAP_DISALLOW_BIND_SIMPLE ) {
+ /* disallow simple authentication */
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ text = "unwilling to perform simple authentication";
+
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
+ "do_bind: conn %d v%d simple bind(%s) disallowed\n",
+ conn->c_connid, version, ndn.bv_val ));
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d simple bind(%s) disallowed\n",
+ version, ndn.bv_val, 0 );
+#endif
+ goto cleanup;
+ }