return LDAP_SUCCESS;
}
- /* FIXME: how can we get the realm? */
- {
- int rc;
- char buf[ SLAP_LDAPDN_MAXLEN ];
- struct berval id,
- user = { 0, NULL },
- realm = { 0, NULL },
- mech = { 0, NULL };
-
- if ( sizeof( buf ) <= ctrl->ldctl_value.bv_len ) {
- return LDAP_INVALID_SYNTAX;
- }
-
- id.bv_len = ctrl->ldctl_value.bv_len;
- id.bv_val = buf;
- strncpy( buf, ctrl->ldctl_value.bv_val, sizeof( buf ) );
+ rc = slap_sasl_getdn( op->o_conn, op,
+ ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len,
+ NULL, &dn, SLAP_GETDN_AUTHZID );
- rc = slap_parse_user( &id, &user, &realm, &mech );
- if ( rc == LDAP_SUCCESS ) {
- struct berval authz = BER_BVC( "AUTHZ" );
-
- if ( mech.bv_len && !bvmatch( &mech, &authz) ) {
- rs->sr_text = "mech not allowed in authzId";
- return LDAP_PROXY_AUTHZ_FAILURE;
- }
- } else {
- user = ctrl->ldctl_value;
+ if( rc != LDAP_SUCCESS || !dn.bv_len ) {
+ if ( dn.bv_val ) {
+ ch_free( dn.bv_val );
}
+ rs->sr_text = "authzId mapping failed";
+ return LDAP_PROXY_AUTHZ_FAILURE;
- rc = slap_sasl_getdn( op->o_conn, op,
- user.bv_val, user.bv_len,
- realm.bv_val, &dn, SLAP_GETDN_AUTHZID );
-
- if( rc != LDAP_SUCCESS || !dn.bv_len ) {
- if ( dn.bv_val ) {
- ch_free( dn.bv_val );
- }
- rs->sr_text = "authzId mapping failed";
- return LDAP_PROXY_AUTHZ_FAILURE;
- }
}
#ifdef NEW_LOGGING
projects / openldap / blobdiff