add 'rebind-as-user' according to back-ldap's implementation

[openldap] / servers / slapd / back-meta / bind.c

diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c
index b3e67fdeedbe11534ac3468ad61154675fa7168f..272ecb901a11133392ffea90d19c5dd441e00fe4 100644 (file)
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@@ -77,6 +77,8 @@
 #include "../back-ldap/back-ldap.h"
 #include "back-meta.h"
 
+static LDAP_REBIND_PROC        meta_back_rebind;
+
 static int
 meta_back_do_single_bind(
                struct metainfo         *li,
@@ -293,6 +295,15 @@ meta_back_do_single_bind(
                lc->conns[ candidate ].bound = META_BOUND;
                lc->bound_target = candidate;
 
+               if ( li->savecred ) {
+                       if ( lc->conns[ candidate ].cred.bv_val )
+                               ch_free( lc->conns[ candidate ].cred.bv_val );
+                       ber_dupbv( &lc->conns[ candidate ].cred, cred );
+                       ldap_set_rebind_proc( lc->conns[ candidate ].ld, 
+                                       meta_back_rebind, 
+                                       &lc->conns[ candidate ] );
+               }
+
                if ( li->cache.ttl != META_DNCACHE_DISABLED
                                && ndn->bv_len != 0 ) {
                        ( void )meta_dncache_update_entry( &li->cache,
@@ -428,6 +439,21 @@ meta_back_is_valid( struct metaconn *lc, int candidate )
        return 0;
 }
 
+/*
+ * meta_back_rebind
+ *
+ * This is a callback used for chasing referrals using the same
+ * credentials as the original user on this session.
+ */
+static int 
+meta_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
+       ber_int_t msgid, void *params )
+{
+       struct metasingleconn *lc = params;
+
+       return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE );
+}
+
 /*
  * FIXME: error return must be handled in a cleaner way ...
  */