ITS#5138 don't scan past the sequence of attributes

[openldap] / servers / slapd / back-ldap / bind.c

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 02485e8c1a6df05f3cf96284eaef41200fd23ee6..eb3d49703b20f02acb6a5296f94625228998f7bb 100644 (file)
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1462,7 +1462,7 @@ retry:;
                        if ( op->o_callback == &cb )
                                op->o_callback = cb.sc_next;
                        op->o_tag = o_tag;
-                       rs->sr_text = "Internal proxy bind failure";
+                       rs->sr_text = "Proxy can't contact remote server";
                        send_ldap_result( op, rs );
                }
 
@@ -2249,7 +2249,8 @@ ldap_back_proxy_authz_ctrl(
         * but if it is not set this test fails.  We need a different
         * means to detect if idassert is enabled */
        if ( ( BER_BVISNULL( &si->si_bc.sb_authcId ) || BER_BVISEMPTY( &si->si_bc.sb_authcId ) )
-                       && ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) )
+               && ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) )
+               && BER_BVISNULL( &si->si_bc.sb_saslmech ) )
        {
                goto done;
        }