char *ptr;
if ( li->idassert_authmethod != LDAP_AUTH_NONE ) {
+ ber_len_t len = bv.bv_len
+ + STRLENOF( "flags=override,non-prescriptive" );
+
switch ( li->idassert_mode ) {
case LDAP_BACK_IDASSERT_OTHERID:
case LDAP_BACK_IDASSERT_OTHERDN:
(void)lutil_strcopy( ptr, "authz=native" );
}
- if ( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
- ber_len_t len = bv.bv_len + STRLENOF( "flags=override" );
+ /* flags */
+ if ( !BER_BVISEMPTY( &bv ) ) {
+ len += STRLENOF( " " );
+ }
- if ( !BER_BVISEMPTY( &bv ) ) {
- len += STRLENOF( " " );
- }
+ bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
- bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
+ ptr = &bv.bv_val[ bv.bv_len ];
- ptr = bv.bv_val + bv.bv_len;
+ if ( !BER_BVISEMPTY( &bv ) ) {
+ ptr = lutil_strcopy( ptr, " " );
+ }
- if ( !BER_BVISEMPTY( &bv ) ) {
- ptr = lutil_strcopy( ptr, " " );
- }
+ ptr = lutil_strcopy( ptr, "flags=" );
- (void)lutil_strcopy( ptr, "flags=override" );
+ if ( li->idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+ ptr = lutil_strcopy( ptr, "prescriptive" );
+ } else {
+ ptr = lutil_strcopy( ptr, "non-prescriptive" );
}
- }
+ if ( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
+ ptr = lutil_strcopy( ptr, ",override" );
+ }
+ bv.bv_len = ( ptr - bv.bv_val );
+ /* end-of-flags */
+ }
bindconf_unparse( &li->idassert_sb, &bc );
/* NOTE: don't worry about locking: if we got here,
* other threads are suspended. */
avl_free( li->conntree, ldap_back_conn_free );
+ li->conntree = NULL;
break;
if ( strcasecmp( c->argv[ i ], "override" ) == 0 ) {
li->idassert_flags |= LDAP_BACK_AUTH_OVERRIDE;
+ } else if ( strcasecmp( c->argv[ i ], "prescriptive" ) == 0 ) {
+ li->idassert_flags |= LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+ } else if ( strcasecmp( c->argv[ i ], "non-prescriptive" ) == 0 ) {
+ li->idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
+
} else {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: unknown flag #%d "
if ( strcasecmp( flags[ j ], "override" ) == 0 ) {
li->idassert_flags |= LDAP_BACK_AUTH_OVERRIDE;
+ } else if ( strcasecmp( flags[ j ], "prescriptive" ) == 0 ) {
+ li->idassert_flags |= LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+ } else if ( strcasecmp( flags[ j ], "non-prescriptive" ) == 0 ) {
+ li->idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
+
} else {
fprintf( stderr, "%s: %d: "
"\"idassert-bind <args>\": "
if (rs->sr_err != LDAP_SUCCESS) {
rs->sr_err = slap_map_api2result( rs );
}
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( &op2, rs, lc );
+ }
+
} else {
/* else just do the same as before */
bv = (struct berval *) ch_malloc( sizeof(struct berval) );