]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/back-meta/conn.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't set bi_db_config since we have no config options
[openldap] / servers / slapd / back-meta / conn.c
diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index 168ae855d575c681ad897b019c450cbf138cb122..7fa6ce65b95bba29003f7a24c3ba4fc200112ccd 100644 (file)
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2010 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -139,12 +139,31 @@ meta_back_conndn_dup(
  * Debug stuff (got it from libavl)
  */
 #if META_BACK_PRINT_CONNTREE > 0
+static void
+meta_back_print( metaconn_t *mc, char *avlstr )
+{
+       int     i;
+
+       fputs( "targets=[", stderr );
+       for ( i = 0; i < mc->mc_info->mi_ntargets; i++ ) {
+               fputc( mc->mc_conns[ i ].msc_ld ? '*' : 'o', stderr);
+       }
+       fputc( ']', stderr );
+
+       fprintf( stderr, " mc=%p local=\"%s\" conn=%p refcnt=%d%s %s\n",
+               (void *)mc,
+               mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "",
+               (void *)mc->mc_conn,
+               mc->mc_refcnt,
+               LDAP_BACK_CONN_TAINTED( mc ) ? " tainted" : "",
+               avlstr );
+}
+
 static void
 meta_back_ravl_print( Avlnode *root, int depth )
 {
        int             i;
-       metaconn_t      *mc;
-       
+
        if ( root == 0 ) {
                return;
        }
@@ -154,15 +173,11 @@ meta_back_ravl_print( Avlnode *root, int depth )
        for ( i = 0; i < depth; i++ ) {
                fprintf( stderr, "-" );
        }
+       fputc( ' ', stderr );
+
+       meta_back_print( (metaconn_t *)root->avl_data,
+               avl_bf2str( root->avl_bf ) );
 
-       mc = (metaconn_t *)root->avl_data;
-       fprintf( stderr, "mc=%p local=\"%s\" conn=%p %s refcnt=%d%s\n",
-               (void *)mc,
-               mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "",
-               (void *)mc->mc_conn,
-               avl_bf2str( root->avl_bf ), mc->mc_refcnt,
-               LDAP_BACK_CONN_TAINTED( mc ) ? " tainted" : "" );
-       
        meta_back_ravl_print( root->avl_left, depth + 1 );
 }
 
@@ -192,11 +207,8 @@ meta_back_print_conntree( metainfo_t *mi, char *msg )
 
                LDAP_TAILQ_FOREACH( mc, &mi->mi_conn_priv[ c ].mic_priv, mc_q )
                {
-                       fprintf( stderr, "    [%d] mc=%p local=\"%s\" conn=%p refcnt=%d flags=0x%08x\n",
-                               i,
-                               (void *)mc,
-                               mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "",
-                               (void *)mc->mc_conn, mc->mc_refcnt, mc->msc_mscflags );
+                       fprintf( stderr, "    [%d] ", i );
+                       meta_back_print( mc, "" );
                        i++;
                }
        }
@@ -277,30 +289,37 @@ meta_back_init_one_conn(
         * don't return the connection */
        if ( mt->mt_isquarantined ) {
                slap_retry_info_t       *ri = &mt->mt_quarantine;
-               int                     dont_retry = 1;
+               int                     dont_retry = 0;
+
+               if ( mt->mt_quarantine.ri_interval ) {
+                       ldap_pvt_thread_mutex_lock( &mt->mt_quarantine_mutex );
+                       dont_retry = ( mt->mt_isquarantined > LDAP_BACK_FQ_NO );
+                       if ( dont_retry ) {
+                               dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL
+                                       || slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] );
+                               if ( !dont_retry ) {
+                                       if ( LogTest( LDAP_DEBUG_ANY ) ) {
+                                               char    buf[ SLAP_TEXT_BUFLEN ];
+
+                                               snprintf( buf, sizeof( buf ),
+                                                       "meta_back_init_one_conn[%d]: quarantine "
+                                                       "retry block #%d try #%d",
+                                                       candidate, ri->ri_idx, ri->ri_count );
+                                               Debug( LDAP_DEBUG_ANY, "%s %s.\n",
+                                                       op->o_log_prefix, buf, 0 );
+                                       }
 
-               if ( mt->mt_isquarantined == LDAP_BACK_FQ_YES ) {
-                       dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL
-                               || slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] );
-                       if ( !dont_retry ) {
-                               if ( LogTest( LDAP_DEBUG_ANY ) ) {
-                                       char    buf[ SLAP_TEXT_BUFLEN ];
-
-                                       snprintf( buf, sizeof( buf ),
-                                               "meta_back_init_one_conn[%d]: quarantine "
-                                               "retry block #%d try #%d",
-                                               candidate, ri->ri_idx, ri->ri_count );
-                                       Debug( LDAP_DEBUG_ANY, "%s %s.\n",
-                                               op->o_log_prefix, buf, 0 );
+                                       mt->mt_isquarantined = LDAP_BACK_FQ_RETRYING;
                                }
 
-                               mt->mt_isquarantined = LDAP_BACK_FQ_RETRYING;
                        }
+                       ldap_pvt_thread_mutex_unlock( &mt->mt_quarantine_mutex );
                }
 
                if ( dont_retry ) {
                        rs->sr_err = LDAP_UNAVAILABLE;
                        if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+                               rs->sr_text = "Target is quarantined";
                                send_ldap_result( op, rs );
                        }
                        return rs->sr_err;
@@ -336,6 +355,7 @@ retry_lock:;
 
                /* sounds more appropriate */
                rs->sr_err = LDAP_BUSY;
+               rs->sr_text = "No connections to target are available";
                do_return = 1;
 
        } else if ( META_BACK_CONN_INITED( msc ) ) {
@@ -355,7 +375,10 @@ retry_lock:;
        }
 
        if ( do_return ) {
-               if ( rs->sr_err != LDAP_SUCCESS && op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+               if ( rs->sr_err != LDAP_SUCCESS
+                       && op->o_conn
+                       && ( sendok & LDAP_BACK_SENDERR ) )
+               {
                        send_ldap_result( op, rs );
                }
 
@@ -395,12 +418,14 @@ retry_lock:;
 
        /* automatically chase referrals ("chase-referrals [{yes|no}]" statement) */
        ldap_set_option( msc->msc_ld, LDAP_OPT_REFERRALS,
-               LDAP_BACK_CHASE_REFERRALS( mi ) ? LDAP_OPT_ON : LDAP_OPT_OFF );
+               META_BACK_TGT_CHASE_REFERRALS( mt ) ? LDAP_OPT_ON : LDAP_OPT_OFF );
 
 #ifdef HAVE_TLS
        /* start TLS ("tls [try-]{start|propagate}" statement) */
-       if ( ( LDAP_BACK_USE_TLS( mi ) || ( op->o_conn->c_is_tls && LDAP_BACK_PROPAGATE_TLS( mi ) ) )
-                       && !is_ldaps )
+       if ( ( META_BACK_TGT_USE_TLS( mt )
+               || ( op->o_conn->c_is_tls
+                       && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
+               && !is_ldaps )
        {
 #ifdef SLAP_STARTTLS_ASYNCHRONOUS
                /*
@@ -447,14 +472,14 @@ retry:;
                                struct berval   *data = NULL;
 
                                /* NOTE: right now, data is unused, so don't get it */
-                               rs->sr_err = ldap_parse_extended_result( msc->msc_ld, res,
-                                               NULL, NULL /* &data */ , 0 );
+                               rs->sr_err = ldap_parse_extended_result( msc->msc_ld,
+                                       res, NULL, NULL /* &data */ , 0 );
                                if ( rs->sr_err == LDAP_SUCCESS ) {
                                        int             err;
 
                                        /* FIXME: matched? referrals? response controls? */
-                                       rs->sr_err = ldap_parse_result( msc->msc_ld, res,
-                                               &err, NULL, NULL, NULL, NULL, 1 );
+                                       rs->sr_err = ldap_parse_result( msc->msc_ld,
+                                               res, &err, NULL, NULL, NULL, NULL, 1 );
                                        res = NULL;
 
                                        if ( rs->sr_err == LDAP_SUCCESS ) {
@@ -471,14 +496,12 @@ retry:;
                                        } else if ( rs->sr_err == LDAP_REFERRAL ) {
                                                /* FIXME: LDAP_OPERATIONS_ERROR? */
                                                rs->sr_err = LDAP_OTHER;
-                                               rs->sr_text = "unwilling to chase referral returned by Start TLS exop";
+                                               rs->sr_text = "Unwilling to chase referral "
+                                                       "returned by Start TLS exop";
                                        }
 
                                        if ( data ) {
-                                               if ( data->bv_val ) {
-                                                       ber_memfree( data->bv_val );
-                                               }
-                                               ber_memfree( data );
+                                               ber_bvfree( data );
                                        }
                                }
 
@@ -502,12 +525,16 @@ retry:;
                 * of misconfiguration, but also when used in the chain 
                 * overlay, where the "uri" can be parsed out of a referral */
                if ( rs->sr_err == LDAP_SERVER_DOWN
-                               || ( rs->sr_err != LDAP_SUCCESS && LDAP_BACK_TLS_CRITICAL( mi ) ) )
+                       || ( rs->sr_err != LDAP_SUCCESS
+                               && META_BACK_TGT_TLS_CRITICAL( mt ) ) )
                {
 
 #ifdef DEBUG_205
-                       Debug( LDAP_DEBUG_ANY, "### %s meta_back_init_one_conn(TLS) ldap_unbind_ext[%d] ld=%p\n",
-                               op->o_log_prefix, candidate, (void *)msc->msc_ld );
+                       Debug( LDAP_DEBUG_ANY,
+                               "### %s meta_back_init_one_conn(TLS) "
+                               "ldap_unbind_ext[%d] ld=%p\n",
+                               op->o_log_prefix, candidate,
+                               (void *)msc->msc_ld );
 #endif /* DEBUG_205 */
 
                        /* need to trash a failed Start TLS */
@@ -576,8 +603,11 @@ retry:;
                        {
 
 #ifdef DEBUG_205
-                               Debug( LDAP_DEBUG_ANY, "### %s meta_back_init_one_conn(rewrite) ldap_unbind_ext[%d] ld=%p\n",
-                                       op->o_log_prefix, candidate, (void *)msc->msc_ld );
+                               Debug( LDAP_DEBUG_ANY,
+                                       "### %s meta_back_init_one_conn(rewrite) "
+                                       "ldap_unbind_ext[%d] ld=%p\n",
+                                       op->o_log_prefix, candidate,
+                                       (void *)msc->msc_ld );
 #endif /* DEBUG_205 */
 
                                /* need to trash a connection not fully established */
@@ -619,7 +649,6 @@ error_return:;
                rs->sr_err = slap_map_api2result( rs );
                if ( sendok & LDAP_BACK_SENDERR ) {
                        send_ldap_result( op, rs );
-                       rs->sr_text = NULL;
                }
        }
 
@@ -644,7 +673,8 @@ meta_back_retry(
        metaconn_t              *mc = *mcp;
        metasingleconn_t        *msc = &mc->mc_conns[ candidate ];
        int                     rc = LDAP_UNAVAILABLE,
-                               binding;
+                               binding,
+                               quarantine = 1;
 
        ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
 
@@ -687,6 +717,7 @@ meta_back_retry(
                }
 
                if ( rc == LDAP_SUCCESS ) {
+                       quarantine = 0;
                        rc = meta_back_single_dobind( op, rs, mcp, candidate,
                                sendok, mt->mt_nretries, 0 );
 
@@ -733,7 +764,7 @@ meta_back_retry(
                         * let the caller do what's best before
                         * releasing */
                        if ( META_BACK_ONERR_STOP( mi ) ) {
-                               meta_back_release_conn_lock( op, mc, 0 );
+                               meta_back_release_conn_lock( mi, mc, 0 );
                                *mcp = NULL;
 
                        } else {
@@ -749,8 +780,7 @@ meta_back_retry(
                                                LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
                                                        mc, mc_q );
                                                mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--;
-                                               mc->mc_q.tqe_prev = NULL;
-                                               mc->mc_q.tqe_next = NULL;
+                                               LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
 
                                        } else {
                                                assert( !LDAP_BACK_CONN_CACHED( mc ) );
@@ -771,12 +801,12 @@ meta_back_retry(
 
                if ( sendok & LDAP_BACK_SENDERR ) {
                        rs->sr_err = rc;
-                       rs->sr_text = NULL;
+                       rs->sr_text = "Unable to retry";
                        send_ldap_result( op, rs );
                }
        }
 
-       if ( META_BACK_TGT_QUARANTINE( mt ) ) {
+       if ( quarantine && META_BACK_TGT_QUARANTINE( mt ) ) {
                meta_back_quarantine( op, rs, candidate );
        }
 
@@ -830,10 +860,9 @@ meta_back_get_candidate(
         */
        if ( candidate == META_TARGET_NONE ) {
                rs->sr_err = LDAP_NO_SUCH_OBJECT;
-               rs->sr_text = "no suitable candidate target found";
+               rs->sr_text = "No suitable candidate target found";
 
        } else if ( candidate == META_TARGET_MULTIPLE ) {
-               Filter          f = { 0 };
                Operation       op2 = *op;
                SlapReply       rs2 = { 0 };
                slap_callback   cb2 = { 0 };
@@ -852,10 +881,8 @@ meta_back_get_candidate(
                op2.ors_slimit = 1;
                op2.ors_tlimit = SLAP_NO_LIMIT;
 
-               f.f_choice = LDAP_FILTER_PRESENT;
-               f.f_desc = slap_schema.si_ad_objectClass;
-               op2.ors_filter = &f;
-               BER_BVSTR( &op2.ors_filterstr, "(objectClass=*)" );
+               op2.ors_filter = (Filter *)slap_filter_objectClass_pres;
+               op2.ors_filterstr = *slap_filterstr_objectClass_pres;
 
                op2.o_callback = &cb2;
                cb2.sc_response = meta_back_conn_cb;
@@ -883,7 +910,7 @@ meta_back_get_candidate(
 
                        } else {
                                rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
-                               rs->sr_text = "cannot select unique candidate target";
+                               rs->sr_text = "Unable to select unique candidate target";
                        }
                        break;
                }
@@ -935,7 +962,8 @@ meta_back_candidates_get( Operation *op )
                        data = (void *)mc;
                        ldap_pvt_thread_pool_setkey( op->o_threadctx,
                                        &meta_back_candidates_dummy, data,
-                                       meta_back_candidates_keyfree );
+                                       meta_back_candidates_keyfree,
+                                       NULL, NULL );
 
                } else {
                        mi->mi_candidates = mc;
@@ -996,7 +1024,7 @@ meta_back_getconn(
 {
        metainfo_t      *mi = ( metainfo_t * )op->o_bd->be_private;
        metaconn_t      *mc = NULL,
-                       mc_curr = { 0 };
+                       mc_curr = {{ 0 }};
        int             cached = META_TARGET_NONE,
                        i = META_TARGET_NONE,
                        err = LDAP_SUCCESS,
@@ -1016,17 +1044,28 @@ meta_back_getconn(
        SlapReply       *candidates = meta_back_candidates_get( op );
 
        /* Internal searches are privileged and shared. So is root. */
-       /* FIXME: there seems to be concurrency issues */
-       if ( META_BACK_PROXYAUTHZ_ALWAYS( mi ) || op->o_do_not_cache || be_isroot( op ) ) {
-               mc_curr.mc_local_ndn = op->o_bd->be_rootndn;
+       if ( ( !BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_ALWAYS( mi ) )
+               || ( BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_ANON( mi ) )
+               || op->o_do_not_cache || be_isroot( op ) )
+       {
                LDAP_BACK_CONN_ISPRIV_SET( &mc_curr );
+               mc_curr.mc_local_ndn = op->o_bd->be_rootndn;
                LDAP_BACK_PCONN_ROOTDN_SET( &mc_curr, op );
 
+       } else if ( BER_BVISEMPTY( &op->o_ndn ) && META_BACK_PROXYAUTHZ_NOANON( mi ) )
+       {
+               LDAP_BACK_CONN_ISANON_SET( &mc_curr );
+               BER_BVSTR( &mc_curr.mc_local_ndn, "" );
+               LDAP_BACK_PCONN_ANON_SET( &mc_curr, op );
+
        } else {
                mc_curr.mc_local_ndn = op->o_ndn;
 
                /* Explicit binds must not be shared */
-               if ( op->o_tag == LDAP_REQ_BIND || SLAP_IS_AUTHZ_BACKEND( op ) ) {
+               if ( !BER_BVISEMPTY( &op->o_ndn )
+                       || op->o_tag == LDAP_REQ_BIND
+                       || SLAP_IS_AUTHZ_BACKEND( op ) )
+               {
                        mc_curr.mc_conn = op->o_conn;
        
                } else {
@@ -1036,7 +1075,10 @@ meta_back_getconn(
        }
 
        /* Explicit Bind requests always get their own conn */
-       if ( !( sendok & LDAP_BACK_BINDING ) ) {
+       if ( sendok & LDAP_BACK_BINDING ) {
+               mc_curr.mc_conn = op->o_conn;
+
+       } else {
                /* Searches for a metaconn in the avl tree */
 retry_lock:;
                ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
@@ -1057,8 +1099,7 @@ retry_lock:;
                                {
                                        LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
                                                mc, mc_q );
-                                       mc->mc_q.tqe_prev = NULL;
-                                       mc->mc_q.tqe_next = NULL;
+                                       LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
                                        LDAP_TAILQ_INSERT_TAIL( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
                                                mc, mc_q );
                                }
@@ -1109,8 +1150,7 @@ retry_lock:;
                                                        LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
                                                                mc, mc_q );
                                                        mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--;
-                                                       mc->mc_q.tqe_prev = NULL;
-                                                       mc->mc_q.tqe_next = NULL;
+                                                       LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
 
                                                } else {
                                                        assert( !LDAP_BACK_CONN_CACHED( mc ) );
@@ -1128,8 +1168,14 @@ retry_lock:;
                                        LDAP_BACK_CONN_TAINTED_SET( mc );
                                        LDAP_BACK_CONN_CACHED_CLEAR( mc );
 
-                                       Debug( LDAP_DEBUG_TRACE, "%s meta_back_getconn: mc=%p conn=%ld expired (tainted).\n",
-                                               op->o_log_prefix, (void *)mc, LDAP_BACK_PCONN_ID( mc ) );
+                                       if ( LogTest( LDAP_DEBUG_TRACE ) ) {
+                                               char buf[STRLENOF("4294967295U") + 1] = { 0 };
+                                               mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) );
+
+                                               Debug( LDAP_DEBUG_TRACE,
+                                                       "%s meta_back_getconn: mc=%p conn=%s expired (tainted).\n",
+                                                       op->o_log_prefix, (void *)mc, buf );
+                                       }
                                }
 
                                mc->mc_refcnt++;
@@ -1156,7 +1202,8 @@ retry_lock:;
 
        case LDAP_REQ_BIND:
                /* if bound as rootdn, the backend must bind to all targets
-                * with the administrative identity */
+                * with the administrative identity
+                * (unless pseoudoroot-bind-defer is TRUE) */
                if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
                        op_type = META_OP_REQUIRE_ALL;
                }
@@ -1214,6 +1261,9 @@ retry_lock:;
                                rs, mc, i, LDAP_BACK_CONN_ISPRIV( &mc_curr ),
                                LDAP_BACK_DONTSEND, !new_conn );
                        if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
+                               if ( new_conn && ( sendok & LDAP_BACK_BINDING ) ) {
+                                       LDAP_BACK_CONN_BINDING_SET( &mc->mc_conns[ i ] );
+                               }
                                META_CANDIDATE_SET( &candidates[ i ] );
                                ncandidates++;
        
@@ -1236,7 +1286,7 @@ retry_lock:;
                                meta_back_conn_free( mc );
 
                        } else {
-                               meta_back_release_conn( op, mc );
+                               meta_back_release_conn( mi, mc );
                        }
 
                        rs->sr_err = LDAP_NO_SUCH_OBJECT;
@@ -1247,7 +1297,6 @@ retry_lock:;
                                        rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val;
                                }
                                send_ldap_result( op, rs );
-                               rs->sr_text = NULL;
                                rs->sr_matched = NULL;
                        }
 
@@ -1287,7 +1336,7 @@ retry_lock:;
        
                        if ( i < 0 || rs->sr_err != LDAP_SUCCESS ) {
                                if ( mc != NULL ) {
-                                       meta_back_release_conn( op, mc );
+                                       meta_back_release_conn( mi, mc );
                                }
 
                                if ( sendok & LDAP_BACK_SENDERR ) {
@@ -1295,7 +1344,6 @@ retry_lock:;
                                                rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val;
                                        }
                                        send_ldap_result( op, rs );
-                                       rs->sr_text = NULL;
                                        rs->sr_matched = NULL;
                                }
                        
@@ -1306,14 +1354,13 @@ retry_lock:;
                if ( dn_type == META_DNTYPE_NEWPARENT && meta_back_get_candidate( op, rs, op->orr_nnewSup ) != i )
                {
                        if ( mc != NULL ) {
-                               meta_back_release_conn( op, mc );
+                               meta_back_release_conn( mi, mc );
                        }
 
                        rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
-                       rs->sr_text = "cross-target rename not supported";
+                       rs->sr_text = "Cross-target rename not supported";
                        if ( sendok & LDAP_BACK_SENDERR ) {
                                send_ldap_result( op, rs );
-                               rs->sr_text = NULL;
                        }
 
                        return NULL;
@@ -1401,11 +1448,15 @@ retry_lock2:;
                                meta_back_conn_free( mc );
 
                        } else {
-                               meta_back_release_conn( op, mc );
+                               meta_back_release_conn( mi, mc );
                        }
                        return NULL;
                }
 
+               if ( new_conn && ( sendok & LDAP_BACK_BINDING ) ) {
+                       LDAP_BACK_CONN_BINDING_SET( &mc->mc_conns[ i ] );
+               }
+
                candidates[ i ].sr_err = LDAP_SUCCESS;
                META_CANDIDATE_SET( &candidates[ i ] );
                ncandidates++;
@@ -1451,9 +1502,9 @@ retry_lock2:;
                                int lerr = meta_back_init_one_conn( op, rs, mc, i,
                                        LDAP_BACK_CONN_ISPRIV( &mc_curr ),
                                        LDAP_BACK_DONTSEND, !new_conn );
+                               candidates[ i ].sr_err = lerr;
                                if ( lerr == LDAP_SUCCESS ) {
                                        META_CANDIDATE_SET( &candidates[ i ] );
-                                       candidates[ i ].sr_err = LDAP_SUCCESS;
                                        ncandidates++;
 
                                        Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d]\n",
@@ -1461,7 +1512,6 @@ retry_lock2:;
 
                                } else if ( lerr == LDAP_UNAVAILABLE && !META_BACK_ONERR_STOP( mi ) ) {
                                        META_CANDIDATE_SET( &candidates[ i ] );
-                                       candidates[ i ].sr_err = LDAP_UNAVAILABLE;
 
                                        Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d] %s\n",
                                                op->o_log_prefix, i,
@@ -1478,7 +1528,6 @@ retry_lock2:;
                                                ( void )meta_clear_one_candidate( op, mc, i );
                                        }
                                        /* leave the target candidate, but record the error for later use */
-                                       candidates[ i ].sr_err = lerr;
                                        err = lerr;
 
                                        if ( lerr == LDAP_UNAVAILABLE && mt->mt_isquarantined != LDAP_BACK_FQ_NO ) {
@@ -1493,20 +1542,18 @@ retry_lock2:;
                                        if ( META_BACK_ONERR_STOP( mi ) ) {
                                                if ( sendok & LDAP_BACK_SENDERR ) {
                                                        send_ldap_result( op, rs );
-                                                       rs->sr_text = NULL;
                                                }
                                                if ( new_conn ) {
                                                        mc->mc_refcnt = 0;
                                                        meta_back_conn_free( mc );
 
                                                } else {
-                                                       meta_back_release_conn( op, mc );
+                                                       meta_back_release_conn( mi, mc );
                                                }
 
                                                return NULL;
                                        }
 
-                                       rs->sr_text = NULL;
                                        continue;
                                }
 
@@ -1523,7 +1570,7 @@ retry_lock2:;
                                meta_back_conn_free( mc );
 
                        } else {
-                               meta_back_release_conn( op, mc );
+                               meta_back_release_conn( mi, mc );
                        }
 
                        if ( rs->sr_err == LDAP_SUCCESS ) {
@@ -1536,7 +1583,6 @@ retry_lock2:;
                                        rs->sr_matched = op->o_bd->be_suffix[ 0 ].bv_val;
                                }
                                send_ldap_result( op, rs );
-                               rs->sr_text = NULL;
                                rs->sr_matched = NULL;
                        }
 
@@ -1567,6 +1613,7 @@ done:;
                meta_back_print_conntree( mi, ">>> meta_back_getconn" );
 #endif /* META_BACK_PRINT_CONNTREE */
 
+               err = 0;
                if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
                        if ( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num < mi->mi_conn_priv_max ) {
                                LDAP_TAILQ_INSERT_TAIL( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, mc, mc_q );
@@ -1578,14 +1625,14 @@ done:;
                        }
                        rs->sr_err = 0;
 
-               } else {
+               } else if ( !( sendok & LDAP_BACK_BINDING ) ) {
                        err = avl_insert( &mi->mi_conninfo.lai_tree, ( caddr_t )mc,
                                meta_back_conndn_cmp, meta_back_conndn_dup );
                        LDAP_BACK_CONN_CACHED_SET( mc );
                }
 
 #if META_BACK_PRINT_CONNTREE > 0
-               meta_back_print_conntree( mi, ">>> meta_back_getconn" );
+               meta_back_print_conntree( mi, "<<< meta_back_getconn" );
 #endif /* META_BACK_PRINT_CONNTREE */
                ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 
@@ -1613,34 +1660,45 @@ done:;
 
                        default:
                                LDAP_BACK_CONN_CACHED_CLEAR( mc );
-                               Debug( LDAP_DEBUG_ANY,
-                                       "%s meta_back_getconn: candidates=%d conn=%ld insert failed\n",
-                                       op->o_log_prefix, ncandidates,
-                                       LDAP_BACK_PCONN_ID( mc ) );
+                               if ( LogTest( LDAP_DEBUG_ANY ) ) {
+                                       char buf[STRLENOF("4294967295U") + 1] = { 0 };
+                                       mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) );
+
+                                       Debug( LDAP_DEBUG_ANY,
+                                               "%s meta_back_getconn: candidates=%d conn=%s insert failed\n",
+                                               op->o_log_prefix, ncandidates, buf );
+                               }
        
                                mc->mc_refcnt = 0;      
                                meta_back_conn_free( mc );
 
                                rs->sr_err = LDAP_OTHER;
-                               rs->sr_text = "proxy bind collision";
+                               rs->sr_text = "Proxy bind collision";
                                if ( sendok & LDAP_BACK_SENDERR ) {
                                        send_ldap_result( op, rs );
-                                       rs->sr_text = NULL;
                                }
                                return NULL;
                        }
                }
 
-               Debug( LDAP_DEBUG_TRACE,
-                       "%s meta_back_getconn: candidates=%d conn=%ld inserted\n",
-                       op->o_log_prefix, ncandidates,
-                       LDAP_BACK_PCONN_ID( mc ) );
+               if ( LogTest( LDAP_DEBUG_TRACE ) ) {
+                       char buf[STRLENOF("4294967295U") + 1] = { 0 };
+                       mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) );
+
+                       Debug( LDAP_DEBUG_TRACE,
+                               "%s meta_back_getconn: candidates=%d conn=%s inserted\n",
+                               op->o_log_prefix, ncandidates, buf );
+               }
 
        } else {
-               Debug( LDAP_DEBUG_TRACE,
-                       "%s meta_back_getconn: candidates=%d conn=%ld fetched\n",
-                       op->o_log_prefix, ncandidates,
-                       LDAP_BACK_PCONN_ID( mc ) );
+               if ( LogTest( LDAP_DEBUG_TRACE ) ) {
+                       char buf[STRLENOF("4294967295U") + 1] = { 0 };
+                       mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) );
+
+                       Debug( LDAP_DEBUG_TRACE,
+                               "%s meta_back_getconn: candidates=%d conn=%s fetched\n",
+                               op->o_log_prefix, ncandidates, buf );
+               }
        }
 
        return mc;
@@ -1648,12 +1706,10 @@ done:;
 
 void
 meta_back_release_conn_lock(
-               Operation               *op,
+               metainfo_t              *mi,
        metaconn_t              *mc,
        int                     dolock )
 {
-       metainfo_t      *mi = ( metainfo_t * )op->o_bd->be_private;
-
        assert( mc != NULL );
 
        if ( dolock ) {
@@ -1667,9 +1723,7 @@ meta_back_release_conn_lock(
         * that are not privileged would live forever and pollute
         * the connection space (and eat up resources).  Maybe this
         * should be configurable... */
-       if ( LDAP_BACK_CONN_TAINTED( mc ) ) {
-               Debug( LDAP_DEBUG_TRACE, "%s meta_back_release_conn: mc=%p conn=%ld tainted.\n",
-                       op->o_log_prefix, (void *)mc, LDAP_BACK_PCONN_ID( mc ) );
+       if ( LDAP_BACK_CONN_TAINTED( mc ) || !LDAP_BACK_CONN_CACHED( mc ) ) {
 #if META_BACK_PRINT_CONNTREE > 0
                meta_back_print_conntree( mi, ">>> meta_back_release_conn" );
 #endif /* META_BACK_PRINT_CONNTREE */
@@ -1678,27 +1732,22 @@ meta_back_release_conn_lock(
                        if ( mc->mc_q.tqe_prev != NULL ) {
                                assert( LDAP_BACK_CONN_CACHED( mc ) );
                                assert( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num > 0 );
-                               mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--;
                                LDAP_TAILQ_REMOVE( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, mc, mc_q );
+                               mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num--;
+                               LDAP_TAILQ_ENTRY_INIT( mc, mc_q );
 
                        } else {
                                assert( !LDAP_BACK_CONN_CACHED( mc ) );
                        }
-                       mc->mc_q.tqe_prev = NULL;
-                       mc->mc_q.tqe_next = NULL;
 
-               } else {
+               } else if ( LDAP_BACK_CONN_CACHED( mc ) ) {
                        metaconn_t      *tmpmc;
 
                        tmpmc = avl_delete( &mi->mi_conninfo.lai_tree,
                                ( caddr_t )mc, meta_back_conndnmc_cmp );
 
-                       if ( tmpmc == NULL ) {
-                               Debug( LDAP_DEBUG_TRACE, "%s: meta_back_release_conn: unable to find mc=%p\n",
-                                       op->o_log_prefix, (void *)mc, 0 );
-                       } else {
-                               assert( tmpmc == mc );
-                       }
+                       /* Overparanoid, but useful... */
+                       assert( tmpmc == NULL || tmpmc == mc );
                }
 
                LDAP_BACK_CONN_CACHED_CLEAR( mc );
Cloned from git://git.openldap.org/openldap.git