Debug( LDAP_DEBUG_ARGS, "meta_back_bind: dn: %s.\n%s%s",
op->o_req_dn.bv_val, "", "" );
- if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
+ if ( op->orb_method == LDAP_AUTH_SIMPLE
+ && be_isroot_dn( op->o_bd, &op->o_req_ndn ) )
+ {
+ if ( !be_isroot_pw( op ) ) {
+ rs->sr_err = LDAP_INVALID_CREDENTIALS;
+ rs->sr_text = NULL;
+ send_ldap_result( op, rs );
+ return rs->sr_err;
+ }
isroot = 1;
- ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ) );
}
/* we need meta_back_getconn() not send result even on error,
}
}
- if ( isroot ) {
+ if ( isroot && rc == LDAP_SUCCESS ) {
mc->mc_auth_target = META_BOUND_ALL;
+ ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ) );
}
meta_back_release_conn( op, mc );
}
} else {
+ rs->sr_err = rc;
rc = slap_map_api2result( rs );
}
}
if ( rc != LDAP_SUCCESS ) {
- rs->sr_err = slap_map_api2result( rs );
-
Debug( LDAP_DEBUG_ANY, "%s meta_back_dobind[%d]: "
"(anonymous) err=%d\n",
op->o_log_prefix, i, rc );
* due to technical reasons (remote host down?)
* so better clear the handle
*/
- candidates[ i ].sr_tag = META_NOT_CANDIDATE;
+ /* leave the target candidate, but record the error for later use */
+ candidates[ i ].sr_err = rc;
if ( META_BACK_ONERR_STOP( mi ) ) {
bound = 0;
goto done;
int i,
rerr = LDAP_SUCCESS;
char *rmsg = NULL,
- *save_rmsg = NULL,
- *rmatch = NULL,
+ *rmatch = NULL;
+ const char *save_rmsg = NULL,
*save_rmatch = NULL;
void *rmatch_ctx = NULL;
projects / openldap / blobdiff