cleanup bind

[openldap] / servers / slapd / saslauthz.c

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 6726639f043b8ad58d9a37407477a2650a576d89..775979bf1dc0914d952d2e16b375d8cb069de927 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -474,6 +474,7 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
        op.o_callback = &cb;
        op.o_time = slap_get_time();
        op.o_do_not_cache = 1;
+       op.o_is_auth_check = 1;
        op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
 
        (*be->be_search)( be, conn, &op, /*base=*/NULL, &searchbase,
@@ -634,7 +635,9 @@ void slap_sasl2dn( Connection *conn,
        op.o_callback = &cb;
        op.o_time = slap_get_time();
        op.o_do_not_cache = 1;
-       op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
+       op.o_is_auth_check = 1;
+       op.o_threadctx = conn->c_sasl_bindop ? conn->c_sasl_bindop->o_threadctx:
+               ldap_pvt_thread_pool_context( &connection_pool );
 
        (*be->be_search)( be, conn, &op, NULL, &dn,
                scope, LDAP_DEREF_NEVER, 1, 0,
@@ -692,7 +695,7 @@ int slap_sasl_authorized( Connection *conn,
        }
 
        /* Allow the manager to authorize as any DN. */
-       if( be_isroot( conn->c_authz_backend, authcDN )) {
+       if( conn->c_authz_backend && be_isroot( conn->c_authz_backend, authcDN )) {
                rc = LDAP_SUCCESS;
                goto DONE;
        }