int rc = LDAP_SUCCESS;
const char *text;
struct berval cred = { 0, NULL };
- Backend *be;
+ Backend *be = NULL;
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_bind: conn %d\n", conn->c_connid, 0, 0 );
goto cleanup;
}
+ /* Set the bindop for the benefit of in-directory SASL lookups */
+ conn->c_sasl_bindop = op;
+
if ( method == LDAP_AUTH_SASL ) {
slap_ssf_t ssf = 0;
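Review bot: `conn->c_sasl_bindop = op;` stores a pointer to the current operation in a per-connection field before the `conn->c_mutex` lock that is taken further down in the function, so the write is unsynchronized and the pointer is only safe if every exit from do_bind passes through `cleanup:`. The clearing assignment is visible at `cleanup:` in a later hunk, but any early `return` outside the visible lines would leave a dangling `Operation *` for the in-directory SASL lookup code to follow. I would extend the comment to state the lifetime, e.g. `/* valid only while this do_bind runs; cleared at cleanup: and must not be read after the bind returns */`, and confirm that binds on one connection are serialized so a second operation cannot overwrite it. The function body starts and ends outside this hunk.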
ldap_pvt_thread_mutex_lock( &conn->c_mutex );
if ( conn->c_sasl_bind_in_progress ) {
- if((ber_bvcmp(&conn->c_sasl_bind_mech, &mech) != 0)) {
+ if( !bvmatch( &conn->c_sasl_bind_mech, &mech ) ) {
/* mechanism changed between bind steps */
slap_sasl_reset(conn);
}
}
if( conn->c_dn.bv_len != 0 ) {
- ber_len_t max = sockbuf_max_incoming;
+ ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
+#ifdef NEW_LOGGING
+ LDAP_LOG( OPERATION, DETAIL1,
+ "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
+ conn->c_authmech.bv_val, conn->c_dn.bv_val, ssf );
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
+ conn->c_authmech.bv_val, conn->c_dn.bv_val, ssf );
+#endif
+
} else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
conn->c_sasl_bind_in_progress = 1;
goto cleanup;
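Review bot: Both added trace calls (the `LDAP_LOG` and the `Debug` branch) format `conn->c_authmech.bv_val` and `conn->c_dn.bv_val` with `%s` after the closing brace of the `conn->c_dn.bv_len != 0` guard, so a SASL bind that ends with an empty DN may hand a NULL `bv_val` to the formatter, which is undefined behaviour. `ssf` is declared `slap_ssf_t` and printed with `%d`; if that type is wider than `int` (it appears to be an unsigned long in slapd, to be confirmed against its typedef) the argument does not match the conversion. I would pass `conn->c_dn.bv_val ? conn->c_dn.bv_val : ""` (same for the mechanism) and print the strength as `ssf=%lu` with `(unsigned long) ssf`. The enclosing success branch starts outside this hunk, so whether `c_mutex` is still held while logging cannot be told from here.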
} else if (( global_disallows & SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED )
- && ( op->o_ssf < global_ssf_set.sss_ssf ))
+ && ( op->o_ssf <= 1 ))
{
rc = LDAP_CONFIDENTIALITY_REQUIRED;
text = "unwilling to perform simple authentication "
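Review bot: The new threshold in `op->o_ssf <= 1` is an undocumented magic number inside an access-control decision. By slapd's SSF convention 0 means no protection and 1 means integrity protection only, so the test reads as "no confidentiality layer", but nothing at the condition says so, and a later reader could easily change it back to a comparison against a configured minimum. I would add a comment directly above the condition, such as `/* ssf 0 = none, 1 = integrity only: both count as unprotected for simple bind */`. The if/else chain this condition belongs to starts outside the hunk.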
ndn.bv_len = 0;
if( conn->c_dn.bv_len != 0 ) {
- ber_len_t max = sockbuf_max_incoming;
+ ber_len_t max = sockbuf_max_incoming_auth;
ber_sockbuf_ctrl( conn->c_sb,
LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
}
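Review bot: Raising the limit to `sockbuf_max_incoming_auth` here, and identically in the SASL success path earlier in this diff, is keyed only on `conn->c_dn.bv_len != 0`, and neither hunk shows the limit being put back to `sockbuf_max_incoming` when the connection later rebinds anonymously or a subsequent bind fails. If that reset is not done elsewhere, a connection would keep the larger PDU allowance after giving up its identity, so the code path that returns a connection to anonymous is worth checking alongside this change. The return value of `ber_sockbuf_ctrl` is discarded at both sites, so a failure to apply the limit is silent. Since the same three-line block now appears twice, a small static helper would keep the two sites in step.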
cleanup:
+ conn->c_sasl_bindop = NULL;
+
if( pdn.bv_val != NULL ) {
free( pdn.bv_val );
}