X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fgroup.c;h=199ead103aa31add76f8c66389e677ade1ca0667;hb=bf35f8e37fa2516daa02a8c607dd2326b2be40e9;hp=284ca4716582a3c715ef67d028edfa7d63f1a05d;hpb=6939c531700652491f4be4688c6a1f35a1ab8a18;p=openldap diff --git a/servers/slapd/back-ldap/group.c b/servers/slapd/back-ldap/group.c index 284ca47165..199ead103a 100644 --- a/servers/slapd/back-ldap/group.c +++ b/servers/slapd/back-ldap/group.c @@ -33,13 +33,13 @@ ldap_back_group( ) { struct ldapinfo *li = (struct ldapinfo *) be->be_private; - int rc = 1; + struct ldapconn *lc; + int rc = 1, oc; Attribute *attr; LDAPMessage *result; char *gattr[2]; char *filter = NULL, *ptr; - LDAP *ld; struct berval mop_ndn = { 0, NULL }, mgr_ndn = { 0, NULL }; AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; @@ -82,7 +82,7 @@ ldap_back_group( * attribute has not been required */ if ((attr = attr_find(target->e_attrs, group_at)) != NULL) { - if( value_find_ex( group_at, SLAP_MR_VALUE_NORMALIZED_MATCH, + if( value_find_ex( group_at, SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, attr->a_vals, op_ndn ) != LDAP_SUCCESS ) return(1); return(0); @@ -154,11 +154,13 @@ ldap_back_group( } #endif /* !ENABLE_REWRITE */ - ldap_back_map(&li->oc_map, &group_oc_name, &group_oc_name, 0); - if (group_oc_name.bv_val == NULL) + ldap_back_map(&li->oc_map, &group_oc_name, &group_oc_name, + BACKLDAP_MAP); + if (group_oc_name.bv_val == NULL || group_oc_name.bv_val[0] == '\0') goto cleanup; - ldap_back_map(&li->at_map, &group_at_name, &group_at_name, 0); - if (group_at_name.bv_val == NULL) + ldap_back_map(&li->at_map, &group_at_name, &group_at_name, + BACKLDAP_MAP); + if (group_at_name.bv_val == NULL || group_at_name.bv_val[0] == '\0') goto cleanup; filter = ch_malloc(sizeof("(&(objectclass=)(=))") 
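Review bot: In the `@@ -154,11 +154,13 @@` hunk the new `bv_val[0] == '\0'` checks reject a missing or empty mapping, but nothing escapes the strings before they are copied into the search filter. The filter is sized from the template `"(&(objectclass=)(=))"` at the end of this hunk and filled with `lutil_strcopy()` in the next one. The mapped names come from the backend's own maps, so the bigger concern is the asserted value, presumably the member DN, which is copied outside the visible hunks. A DN may legitimately contain `(`, `)`, `*` or `\`, and these change what the filter matches unless they are written as `\28`, `\29`, `\2a` and `\5c`. I would escape that value before the copy, size the buffer for the escaped length, and add a comment such as `/* names come from li->oc_map/at_map; the DN value must be filter-escaped */`.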
@@ -168,14 +170,15 @@ ldap_back_group( if (filter == NULL) goto cleanup; - if (ldap_initialize(&ld, li->url) != LDAP_SUCCESS) { - goto cleanup; - } - - if (ldap_bind_s(ld, li->binddn, li->bindpw, LDAP_AUTH_SIMPLE) - != LDAP_SUCCESS) { + /* Tell getconn this is a privileged op */ + oc = op->o_do_not_cache; + op->o_do_not_cache = 1; + lc = ldap_back_getconn(li, conn, op); + if ( !lc || !ldap_back_dobind( li, lc, NULL, op ) ) { + op->o_do_not_cache = oc; goto cleanup; } + op->o_do_not_cache = oc; ptr = lutil_strcopy(filter, "(&(objectclass="); ptr = lutil_strcopy(ptr, group_oc_name.bv_val); @@ -187,18 +190,15 @@ ldap_back_group( gattr[0] = "objectclass"; gattr[1] = NULL; - if (ldap_search_ext_s(ld, mgr_ndn.bv_val, LDAP_SCOPE_BASE, filter, + if (ldap_search_ext_s(lc->ld, mgr_ndn.bv_val, LDAP_SCOPE_BASE, filter, gattr, 0, NULL, NULL, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &result) == LDAP_SUCCESS) { - if (ldap_first_entry(ld, result) != NULL) + if (ldap_first_entry(lc->ld, result) != NULL) rc = 0; ldap_msgfree(result); } cleanup:; - if ( ld != NULL ) { - ldap_unbind(ld); - } ch_free(filter); if ( mop_ndn.bv_val != op_ndn->bv_val ) { free( mop_ndn.bv_val );
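Review bot: In the `@@ -168,14 +170,15 @@` hunk, nothing visible shows which identity the connection from `ldap_back_getconn()` is bound as. The removed code bound explicitly with `li->binddn`/`li->bindpw`, whereas the new code signals "privileged" only by temporarily setting `op->o_do_not_cache`. That contract lives in `ldap_back_getconn()` and `ldap_back_dobind()`, which are outside this diff, so the comment should say what the flag makes them do. It is also worth confirming that the handle is not the one carrying the client's own bind, otherwise the membership lookup would run with the client's rights. The flag restore is duplicated on both paths; restoring once is harder to get wrong, e.g. `if ( lc && !ldap_back_dobind( li, lc, NULL, op ) ) lc = NULL;` then `op->o_do_not_cache = oc;` then `if ( !lc ) goto cleanup;`.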
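Review bot: In the `@@ -187,18 +190,15 @@` hunk `ldap_msgfree(result)` runs only when `ldap_search_ext_s()` returns `LDAP_SUCCESS`, so a message returned alongside an error code is leaked. That can happen when the server answers with an error such as a missing base entry, and now that the connection is long-lived the leak recurs on every such lookup. Declaring `LDAPMessage *result = NULL;` (the declaration is in the first hunk) and freeing after the `if` with `if ( result ) ldap_msgfree( result );` covers both outcomes. Separately, every failure here leaves `rc` at 1, so a backend error looks the same as "not a member" to the caller. A debug-level log message on the error path would let an operator tell the two apart.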