fix ITS#4686 (retry with idassert)

[openldap] / servers / slapd / back-ldap / modify.c

diff --git a/servers/slapd/back-ldap/modify.c b/servers/slapd/back-ldap/modify.c
index 9e53ac2b8e74d7c522f49e0cc2f635a21c1e3d6e..57109032f7971e7e882ad5bc9ef8db0184630fae 100644 (file)
--- a/servers/slapd/back-ldap/modify.c
+++ b/servers/slapd/back-ldap/modify.c
@@ -98,6 +98,7 @@ ldap_back_modify(
        }
        modv[ i ] = 0;
 
+retry:;
        ctrls = op->o_ctrls;
        rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
                li->li_version, &li->li_idassert, op, rs, &ctrls );
@@ -107,7 +108,6 @@ ldap_back_modify(
                goto cleanup;
        }
 
-retry:
        rs->sr_err = ldap_modify_ext( lc->lc_ld, op->o_req_dn.bv_val, modv,
                        ctrls, NULL, &msgid );
        rc = ldap_back_op_result( lc, op, rs, msgid,
@@ -116,6 +116,8 @@ retry:
        if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
                retrying &= ~LDAP_BACK_RETRYING;
                if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+                       /* if the identity changed, there might be need to re-authz */
+                       (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
                        goto retry;
                }
        }