+ if ( op->orb_method == LDAP_AUTH_SIMPLE ) {
+ BER_BVSTR( &op->orb_mech, "SIMPLE" );
+ /* accept "anonymous" binds */
+ if ( BER_BVISEMPTY( &op->orb_cred ) || BER_BVISEMPTY( &op->o_req_ndn ) ) {
+ rs->sr_err = LDAP_SUCCESS;
+
+ if( !BER_BVISEMPTY( &op->orb_cred ) &&
+ !( global_allows & SLAP_ALLOW_BIND_ANON_CRED ))
+ {
+ /* cred is not empty, disallow */
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+
+ } else if ( !BER_BVISEMPTY( &op->o_req_ndn ) &&
+ !( global_allows & SLAP_ALLOW_BIND_ANON_DN ))
+ {
+ /* DN is not empty, disallow */
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text =
+ "unauthenticated bind (DN with no password) disallowed";
+
+ } else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
+ /* disallow */
+ rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
+ rs->sr_text = "anonymous bind disallowed";
+
+ } else {
+ backend_check_restrictions( op, rs, &op->orb_mech );
+ }
+
+ /*
+ * we already forced connection to "anonymous",
+ * just need to send success
+ */
+ send_ldap_result( op, rs );
+ Debug( LDAP_DEBUG_TRACE, "do_bind: v%d anonymous bind\n",
+ op->o_protocol, 0, 0 );
+ goto cleanup;
+
+ } else if ( global_disallows & SLAP_DISALLOW_BIND_SIMPLE ) {
+ /* disallow simple authentication */
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_text = "unwilling to perform simple authentication";
+
+ send_ldap_result( op, rs );
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: v%d simple bind(%s) disallowed\n",
+ op->o_protocol, op->o_req_ndn.bv_val, 0 );
+ goto cleanup;