+ if ( method == LDAP_AUTH_SIMPLE ) {
+ /* accept "anonymous" binds */
+ if ( cred.bv_len == 0 || ndn.bv_len == 0 ) {
+ rc = LDAP_SUCCESS;
+ text = NULL;
+
+ if( cred.bv_len &&
+ !( global_allows & SLAP_ALLOW_BIND_ANON_CRED ))
+ {
+ /* cred is not empty, disallow */
+ rc = LDAP_INVALID_CREDENTIALS;
+
+ } else if ( ndn.bv_len &&
+ !( global_allows & SLAP_ALLOW_BIND_ANON_DN ))
+ {
+ /* DN is not empty, disallow */
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ text = "unwilling to allow anonymous bind with non-empty DN";
+
+ } else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
+ /* disallow */
+ rc = LDAP_INAPPROPRIATE_AUTH;
+ text = "anonymous bind disallowed";
+
+ } else {
+ rc = backend_check_restrictions( NULL, conn, op,
+ &mech, &text );
+ }
+
+ /*
+ * we already forced connection to "anonymous",
+ * just need to send success
+ */
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, DETAIL1,
+ "do_bind: conn %d v%d anonymous bind\n",
+ conn->c_connid, version , 0 );
+#else
+ Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
+ version, 0, 0 );