X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fbind.c;h=eb3d49703b20f02acb6a5296f94625228998f7bb;hb=5cd816f4eb2fc09a59cc53267c731d91badcae97;hp=e5878a2cbd965e22919dc4042d9be6f46356faa6;hpb=b95e40f56f62a4bce8b75bd724e01b77d433607b;p=openldap diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index e5878a2cbd..eb3d49703b 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -1462,7 +1462,7 @@ retry:; if ( op->o_callback == &cb ) op->o_callback = cb.sc_next; op->o_tag = o_tag; - rs->sr_text = "Internal proxy bind failure"; + rs->sr_text = "Proxy can't contact remote server"; send_ldap_result( op, rs ); } @@ -2249,7 +2249,8 @@ ldap_back_proxy_authz_ctrl( * but if it is not set this test fails. We need a different * means to detect if idassert is enabled */ if ( ( BER_BVISNULL( &si->si_bc.sb_authcId ) || BER_BVISEMPTY( &si->si_bc.sb_authcId ) ) - && ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) ) + && ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) + && BER_BVISNULL( &si->si_bc.sb_saslmech ) ) { goto done; } @@ -2393,11 +2394,14 @@ ldap_back_proxy_authz_ctrl( goto done; } + ctrl->ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ; + switch ( si->si_mode ) { /* already in u:ID or dn:DN form */ case LDAP_BACK_IDASSERT_OTHERID: case LDAP_BACK_IDASSERT_OTHERDN: ber_dupbv_x( &ctrl->ldctl_value, &assertedID, op->o_tmpmemctx ); + rs->sr_err = LDAP_SUCCESS; break; /* needs the dn: prefix */ @@ -2408,6 +2412,7 @@ ldap_back_proxy_authz_ctrl( AC_MEMCPY( ctrl->ldctl_value.bv_val, "dn:", STRLENOF( "dn:" ) ); AC_MEMCPY( &ctrl->ldctl_value.bv_val[ STRLENOF( "dn:" ) ], assertedID.bv_val, assertedID.bv_len + 1 ); + rs->sr_err = LDAP_SUCCESS; break; } @@ -2435,6 +2440,8 @@ ldap_back_proxy_authz_ctrl( goto free_ber; } + rs->sr_err = LDAP_SUCCESS; + free_ber:; op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx ); ber_free_buf( ber ); 
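Review bot: The added `sb_saslmech` clause in the idassert-enabled test of ldap_back_proxy_authz_ctrl (hunk -2249) checks only `BER_BVISNULL`, while the `sb_authcId` and `sb_binddn` clauses beside it treat NULL and empty alike. If the configuration code can leave `sb_saslmech` as an allocated but empty value (not visible here), this test would treat identity assertion as enabled and continue toward building a proxied-authorization control. Matching the neighbouring clauses avoids that: `&& ( BER_BVISNULL( &si->si_bc.sb_saslmech ) || BER_BVISEMPTY( &si->si_bc.sb_saslmech ) ) )`. The comment above the test already says a different means of detection is needed, so it could also say why a configured SASL mechanism alone counts as enabled. The function begins and ends outside the hunk.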
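Review bot: In the `LDAP_BACK_IDASSERT_OTHERID`/`LDAP_BACK_IDASSERT_OTHERDN` case (hunk -2393) the new `rs->sr_err = LDAP_SUCCESS;` follows `ber_dupbv_x( &ctrl->ldctl_value, &assertedID, op->o_tmpmemctx )` without looking at its result, so a failed copy would be reported as success with no asserted identity in the control value. Whether that allocator can fail is not visible here; if it can, guard the assignment, for example `if ( ber_dupbv_x( &ctrl->ldctl_value, &assertedID, op->o_tmpmemctx ) == NULL ) { rs->sr_err = LDAP_OTHER; break; }`. The same applies to the `dn:` prefix case in the following hunk (-2408), whose buffer allocation lies outside the visible lines. Also, `ctrl->ldctl_oid` is now assigned before the switch and no `default:` arm is visible, so for any other `si_mode` the control would carry an OID while `rs->sr_err` keeps its earlier value. A short comment stating that callers must check `rs->sr_err` before using `ctrl` would make that contract explicit.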
@@ -2475,6 +2482,9 @@ free_ber:; goto free_ber2; } + ctrl->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ; + rs->sr_err = LDAP_SUCCESS; + free_ber2:; op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx ); ber_free_buf( ber ); @@ -2482,8 +2492,6 @@ free_ber2:; if ( rs->sr_err != LDAP_SUCCESS ) { goto done; } - - ctrl->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ; } done:;