+ if ( method == LDAP_AUTH_SIMPLE ) {
+ /* accept "anonymous" binds */
+ if ( op->orb_cred.bv_len == 0 || op->o_req_ndn.bv_len == 0 ) {
+ rs->sr_err = LDAP_SUCCESS;
+
+ if( op->orb_cred.bv_len &&
+ !( global_allows & SLAP_ALLOW_BIND_ANON_CRED ))
+ {
+ /* cred is not empty, disallow */
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+
+ } else if ( op->o_req_ndn.bv_len &&
+ !( global_allows & SLAP_ALLOW_BIND_ANON_DN ))
+ {
+ /* DN is not empty, disallow */
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "unauthenticated bind (DN with no password) disallowed";
+
+ } else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
+ /* disallow */
+ rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
+ rs->sr_text = "anonymous bind disallowed";
+
+ } else {
+ backend_check_restrictions( op, rs, &mech );
+ }
+
+ /*
+ * we already forced connection to "anonymous",
+ * just need to send success
+ */
+ send_ldap_result( op, rs );
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, DETAIL1,
+ "do_bind: conn %d v%d anonymous bind\n",
+ op->o_connid, version , 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
+ version, 0, 0 );
+#endif
+ goto cleanup;
+
+ } else if ( global_disallows & SLAP_DISALLOW_BIND_SIMPLE ) {
+ /* disallow simple authentication */
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "unwilling to perform simple authentication";
+
+ send_ldap_result( op, rs );
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, INFO,
+ "do_bind: conn %d v%d simple bind(%s) disallowed\n",
+ op->o_connid, version, op->o_req_ndn.bv_val );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d simple bind(%s) disallowed\n",
+ version, op->o_req_ndn.bv_val, 0 );
+#endif
+ goto cleanup;
+
+ } else if (( global_disallows & SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED )
+ && ( op->o_ssf <= 1 ))
+ {
+ rs->sr_err = LDAP_CONFIDENTIALITY_REQUIRED;
+ rs->sr_text = "unwilling to perform simple authentication "
+ "without confidentiality protection";
+
+ send_ldap_result( op, rs );
+
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, INFO, "do_bind: conn %d "
+ "v%d unprotected simple bind(%s) disallowed\n",
+ op->o_connid, version, op->o_req_ndn.bv_val );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d unprotected simple bind(%s) disallowed\n",
+ version, op->o_req_ndn.bv_val, 0 );
+#endif
+ goto cleanup;