X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fsearch.c;h=b28b694945465d0d48e14ef0ec102a208982645c;hb=2000f771f6a7a8beb389c1a7b6f03afe8ff6ac98;hp=094d76ec424a6910565514df592667e29972d1a3;hpb=4f4590f110bea406dd09e8fff5caea832274fa61;p=openldap

diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c
index 094d76ec42..b28b694945 100644
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2013 The OpenLDAP Foundation.
+ * Copyright 1999-2015 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -338,7 +338,7 @@ retry:
 
 		} else {
 			/* only touch when activity actually took place... */
-			if ( li->li_idle_timeout && lc ) {
+			if ( li->li_idle_timeout ) {
 				lc->lc_time = op->o_time;
 			}
 
@@ -645,6 +645,13 @@ finish:;
 		ldap_back_release_conn( li, lc );
 	}
 
+	if ( rs->sr_err == LDAP_UNAVAILABLE &&
+		/* if we originally bound and wanted rebind-as-user, must drop
+		 * the connection now because we just discarded the credentials.
+		 * ITS#7464, #8142
+		 */
+		LDAP_BACK_SAVECRED( li ) && SLAP_IS_AUTHZ_BACKEND( op ) )
+		rs->sr_err = SLAPD_DISCONNECT;
 	return rs->sr_err;
 }