*/
#include "portable.h"
-#include "slapi_common.h"
#include <stdio.h>
#include "ldap_pvt.h"
#include "slap.h"
+#ifdef LDAP_SLAPI
#include "slapi.h"
+#endif
int
struct berval cred = { 0, NULL };
Backend *be = NULL;
+#ifdef LDAP_SLAPI
Slapi_PBlock *pb = op->o_pb;
+#endif
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, ENTRY, "do_bind: conn %d\n", conn->c_connid, 0, 0 );
/* log authorization identity demotion */
if ( conn->c_dn.bv_len ) {
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu AUTHZ anonymous mech=implicit ssf=0",
+ "conn=%lu op=%lu BIND anonymous mech=implicit ssf=0",
op->o_connid, op->o_opid, 0, 0, 0 );
}
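Review bot: The new format string for the anonymous case has no trailing `\n`, while the other `BIND dn=...` Statslog strings in this patch all end with one. Unless Statslog appends a terminator itself, which is not visible here, this record can run into the following log entry; I would write `"conn=%lu op=%lu BIND anonymous mech=implicit ssf=0\n",`. Separately, the AUTHZ to BIND keyword rename in this and the later Statslog hunks changes the record that log parsers and audit rules match on, so it deserves a line in the change notes.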
* }
*
* SaslCredentials ::= SEQUENCE {
- * mechanism LDAPString,
- * credentials OCTET STRING OPTIONAL
+ * mechanism LDAPString,
+ * credentials OCTET STRING OPTIONAL
* }
*/
version < LDAP_VERSION3 )
{
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
- NULL, "requested protocol version not allowed", NULL, NULL );
+ NULL, "historical protocol version requested, use LDAPv3 instead",
+ NULL, NULL );
goto cleanup;
}
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu AUTHZ dn=\"%s\" mech=%s ssf=%d\n",
+ "conn=%lu op=%lu BIND dn=\"%s\" mech=%s ssf=%d\n",
op->o_connid, op->o_opid,
conn->c_dn.bv_val ? conn->c_dn.bv_val : "<empty>",
conn->c_authmech.bv_val, ssf );
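Review bot: `conn->c_authmech.bv_val` is passed to `%s` without the NULL guard that the line above gives `conn->c_dn.bv_val`. If the mechanism can still be unset at this point (its assignment is outside the hunk), that is undefined behaviour in the formatter; I would write `conn->c_authmech.bv_val ? conn->c_authmech.bv_val : "<none>", ssf );`. The DN is also written between double quotes, so a one-line comment stating whether `c_dn` is already normalised and escaped here would help anyone who relies on this record for audit.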
{
/* DN is not empty, disallow */
rc = LDAP_UNWILLING_TO_PERFORM;
- text = "unwilling to allow anonymous bind with non-empty DN";
+ text = "unauthenticated bind (DN with no password) disallowed";
} else if ( global_disallows & SLAP_DISALLOW_BIND_ANON ) {
/* disallow */
slapi_x_operation_set_pb( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
- slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(1) );
+ slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&cred );
+ slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)(0) );
rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_BIND_FN, pb );
if ( rc != SLAPI_BIND_SUCCESS ) {
int ldapRc;
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&ldapRc ) != 0 )
- ldapRc = LDAP_OPERATIONS_ERROR;
+ ldapRc = LDAP_OTHER;
edn.bv_val = NULL;
edn.bv_len = 0;
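Review bot: The added `slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&cred );` stores the address of `cred` in `op->o_pb`, and `cred` looks like a local of the enclosing function (it is declared next to `pb` in the earlier hunk). If anything reads that pblock slot after the function returns, which cannot be told from here, the pointer dangles. For a simple bind it also hands the client's password to every pre-bind plugin, so a comment is warranted, e.g. `/* cred is local to this function and holds the client's bind credentials: valid only while the plugin functions run */`. The return values of the `slapi_pblock_set` calls are ignored, so a failed set would let `doPluginFNs` run on stale parameters; checking them and failing the bind would be safer. The enclosing block starts and ends outside the hunk.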
}
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu AUTHZ dn=\"%s\" mech=simple (SLAPI) ssf=0\n",
+ "conn=%lu op=%lu BIND dn=\"%s\" mech=simple (SLAPI) ssf=0\n",
op->o_connid, op->o_opid,
conn->c_dn.bv_val, 0, 0 );
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
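Review bot: `conn->c_dn.bv_val` goes to `%s` unguarded here, whereas the SASL-path Statslog earlier in the patch substitutes `"<empty>"` for a NULL value. The same applies to the backend-bind Statslog in the last hunk. If the connection DN can be NULL on these paths (its assignment is not visible), the arguments should read `conn->c_dn.bv_val ? conn->c_dn.bv_val : "<empty>", 0, 0 );`. In the last hunk the extra argument `conn->c_authmech.bv_val` has no matching conversion, because `mech=simple` is hard-coded in the format; passing `0` as this call does would keep the two records consistent.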
if ( be->be_bind ) {
int ret;
- /* deref suffix alias if appropriate */
- suffix_alias( be, &ndn );
-
ret = (*be->be_bind)( be, conn, op,
&pdn, &ndn, method, &cred, &edn );
/* log authorization identity */
Statslog( LDAP_DEBUG_STATS,
- "conn=%lu op=%lu AUTHZ dn=\"%s\" mech=simple ssf=0\n",
+ "conn=%lu op=%lu BIND dn=\"%s\" mech=simple ssf=0\n",
op->o_connid, op->o_opid,
conn->c_dn.bv_val, conn->c_authmech.bv_val, 0 );