X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-bdb%2Fbind.c;h=a7d5f2b9e33706cb38d15f57401515fbbd17891b;hb=0ac9b952c59d045f7cbc2d7f00282f365a98c9cd;hp=9ebdfe7a86c5a55147f494f589baccff8db7fb4b;hpb=bc478dee4630a37e5a222b14f36d5d6106a4867b;p=openldap

diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c
index 9ebdfe7a86..a7d5f2b9e3 100644
--- a/servers/slapd/back-bdb/bind.c
+++ b/servers/slapd/back-bdb/bind.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2004 The OpenLDAP Foundation.
+ * Copyright 2000-2007 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -104,7 +104,6 @@ dn2entry_retry:
 	ber_dupbv( &op->oq_bind.rb_edn, &e->e_name );
 
 	/* check for deleted */
-#ifdef BDB_SUBENTRIES
 	if ( is_entry_subentry( e ) ) {
 		/* entry is an subentry, don't allow bind */
 		Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0,
@@ -112,7 +111,6 @@ dn2entry_retry:
 		rs->sr_err = LDAP_INVALID_CREDENTIALS;
 		goto done;
 	}
-#endif
 
 	if ( is_entry_alias( e ) ) {
 		/* entry is an alias, don't allow bind */
@@ -130,25 +128,20 @@ dn2entry_retry:
 
 	switch ( op->oq_bind.rb_method ) {
 	case LDAP_AUTH_SIMPLE:
-		rs->sr_err = access_allowed( op, e,
-			password, NULL, ACL_AUTH, NULL );
-		if ( ! rs->sr_err ) {
-			rs->sr_err = LDAP_INVALID_CREDENTIALS;
-			goto done;
-		}
-
-		if ( (a = attr_find( e->e_attrs, password )) == NULL ) {
+		a = attr_find( e->e_attrs, password );
+		if ( a == NULL ) {
 			rs->sr_err = LDAP_INVALID_CREDENTIALS;
 			goto done;
 		}
 
-		if ( slap_passwd_check( op->o_conn,
-			a, &op->oq_bind.rb_cred, &rs->sr_text ) != 0 )
+		if ( slap_passwd_check( op, e, a, &op->oq_bind.rb_cred,
+					&rs->sr_text ) != 0 )
 		{
+			/* failure; stop front end from sending result */
 			rs->sr_err = LDAP_INVALID_CREDENTIALS;
 			goto done;
 		}
-
+			
 		rs->sr_err = 0;
 		break;