remove experimental code as per ITS#4962 discussion

[openldap] / servers / slapd / back-bdb / bind.c

diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c
index 84f3a38a0ef33ca47c4e8ed6aa0cd29b95eae216..5072dbfcf63c1b0b652564d7d0340fd97753d4fd 100644 (file)
--- a/servers/slapd/back-bdb/bind.c
+++ b/servers/slapd/back-bdb/bind.c
@@ -32,7 +32,7 @@ bdb_bind( Operation *op, SlapReply *rs )
 
        AttributeDescription *password = slap_schema.si_ad_userPassword;
 
-       u_int32_t       locker;
+       BDB_LOCKER      locker;
        DB_LOCK         lock;
 
        Debug( LDAP_DEBUG_ARGS,
@@ -40,10 +40,19 @@ bdb_bind( Operation *op, SlapReply *rs )
                op->o_req_dn.bv_val, 0, 0);
 
        /* allow noauth binds */
-       if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op )) {
-               ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
-               /* front end will send result */
-               return LDAP_SUCCESS;
+       switch ( be_rootdn_bind( op, NULL ) ) {
+       case LDAP_SUCCESS:
+               /* frontend will send result */
+               return rs->sr_err;
+
+       default:
+               /* give the database a chanche */
+               /* NOTE: this behavior departs from that of other backends,
+                * since the others, in case of password checking failure
+                * do not give the database a chance.  If an entry with
+                * rootdn's name does not exist in the database the result
+                * will be the same.  See ITS#4962 for discussion. */
+               break;
        }
 
        rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);