added tcp keepalive support to back-ldap

[openldap] / servers / slapd / back-ldap / bind.c

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 03c54e473f0c3b64aa75c9f7501234cee3afff84..45f228a2824c2a6145b94dd583db241449d4a8da 100644 (file)
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2012 The OpenLDAP Foundation.
+ * Copyright 1999-2013 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -716,6 +716,9 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
                ldap_set_option( ld, LDAP_OPT_NETWORK_TIMEOUT, (const void *)&tv );
        }
 
+       /* turn on network keepalive, if configured so */
+       slap_client_keepalive(ld, &li->li_tls.sb_keepalive); 
+
 #ifdef HAVE_TLS
        if ( LDAP_BACK_CONN_ISPRIV( lc ) ) {
                /* See "rationale" comment in ldap_back_getconn() */
@@ -1066,6 +1069,7 @@ retry_lock:
                ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
 
                LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+               lc->lc_connid = li->li_conn_nextid++;
 
                assert( lc->lc_refcnt == 1 );
 
@@ -1580,7 +1584,6 @@ retry:;
        rc = ldap_back_op_result( lc, op, rs, msgid,
                -1, ( sendok | LDAP_BACK_BINDING ) );
        if ( rc == LDAP_SUCCESS ) {
-               op->o_conn->c_authz_cookie = op->o_bd->be_private;
                LDAP_BACK_CONN_ISBOUND_SET( lc );
        }
 
@@ -2115,6 +2118,18 @@ ldap_back_is_proxy_authz( Operation *op, SlapReply *rs, ldap_back_send_t sendok,
                ndn = op->o_ndn;
        }
 
+       if ( !( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE )) {
+               if ( op->o_tag == LDAP_REQ_BIND ) {
+                       if ( !BER_BVISEMPTY( &ndn )) {
+                               dobind = 0;
+                               goto done;
+                       }
+               } else if ( SLAP_IS_AUTHZ_BACKEND( op )) {
+                       dobind = 0;
+                       goto done;
+               }
+       }
+
        switch ( li->li_idassert_mode ) {
        case LDAP_BACK_IDASSERT_LEGACY:
                if ( !BER_BVISNULL( &ndn ) && !BER_BVISEMPTY( &ndn ) ) {
@@ -2398,7 +2413,6 @@ ldap_back_proxy_authz_bind(
                                ber_bvreplace( &lc->lc_bound_ndn, &bv );
                        }
 #endif /* SLAP_AUTH_DN */
-                       op->o_conn->c_authz_cookie = op->o_bd->be_private;
                        LDAP_BACK_CONN_ISBOUND_SET( lc );
                        break;
 
@@ -2469,7 +2483,6 @@ ldap_back_proxy_authz_bind(
                 * so that referral chasing is attempted using the right
                 * identity */
                LDAP_BACK_CONN_ISBOUND_SET( lc );
-               op->o_conn->c_authz_cookie = op->o_bd->be_private;
                if ( !BER_BVISNULL( binddn ) ) {
                        ber_bvreplace( &lc->lc_bound_ndn, binddn );
                }