Merge remote-tracking branch 'origin/mdb.RE/0.9'

[openldap] / servers / slapd / back-ldap / search.c

diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c
index 094d76ec424a6910565514df592667e29972d1a3..b28b694945465d0d48e14ef0ec102a208982645c 100644 (file)
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2013 The OpenLDAP Foundation.
+ * Copyright 1999-2015 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -338,7 +338,7 @@ retry:
 
                } else {
                        /* only touch when activity actually took place... */
-                       if ( li->li_idle_timeout && lc ) {
+                       if ( li->li_idle_timeout ) {
                                lc->lc_time = op->o_time;
                        }
 
@@ -645,6 +645,13 @@ finish:;
                ldap_back_release_conn( li, lc );
        }
 
+       if ( rs->sr_err == LDAP_UNAVAILABLE &&
+               /* if we originally bound and wanted rebind-as-user, must drop
+                * the connection now because we just discarded the credentials.
+                * ITS#7464, #8142
+                */
+               LDAP_BACK_SAVECRED( li ) && SLAP_IS_AUTHZ_BACKEND( op ) )
+               rs->sr_err = SLAPD_DISCONNECT;
        return rs->sr_err;
 }