rearrange quarantine handling during proxyAuthz bind; bind anonymously if no bindmeth...

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 0f39c24c03d2724f62a32c911ae6590512ec46b9..9b7fa5f4ad463f181a80fe16af9ab888be8852ee 100644 (file)
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1059,6 +1059,11 @@ retry_lock:;
                } else {
                        LDAP_BACK_CONN_ISBOUND_SET( lc );
                }
+
+               if ( LDAP_BACK_QUARANTINE( li ) ) {
+                       ldap_back_quarantine( op, rs, dolock );
+               }
+
                goto done;
        }
 #endif /* HAVE_CYRUS_SASL */
@@ -1109,15 +1114,15 @@ retry:;
                        }
                }
 
-               if ( LDAP_BACK_QUARANTINE( li ) ) {
-                       ldap_back_quarantine( op, rs, dolock );
-               }
-
                /* FIXME: one binding-- too many? */
                lc->lc_binding--;
                ldap_back_freeconn( op, lc, dolock );
                rs->sr_err = slap_map_api2result( rs );
 
+               if ( LDAP_BACK_QUARANTINE( li ) ) {
+                       ldap_back_quarantine( op, rs, dolock );
+               }
+
                return 0;
        }
 
@@ -1127,10 +1132,6 @@ retry:;
        }
 
 done:;
-       if ( LDAP_BACK_QUARANTINE( li ) ) {
-               ldap_back_quarantine( op, rs, dolock );
-       }
-
        lc->lc_binding--;
        LDAP_BACK_CONN_BINDING_CLEAR( lc );
        rc = LDAP_BACK_CONN_ISBOUND( lc );
@@ -1664,8 +1665,9 @@ ldap_back_proxy_authz_bind( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_b
 
        switch ( li->li_idassert_authmethod ) {
        case LDAP_AUTH_NONE:
-               rc = LDAP_SUCCESS;
-               break;
+               BER_BVSTR( &binddn, "" );
+               BER_BVSTR( &bindcred, "" );
+               /* fallthru */
 
        case LDAP_AUTH_SIMPLE:
                rs->sr_err = ldap_sasl_bind( lc->lc_ld,