make sure bind credentials are consistent

author Quanah Gibson-Mount <quanah@openldap.org>

Thu, 10 Jun 2010 19:26:51 +0000 (19:26 +0000)

committer Quanah Gibson-Mount <quanah@openldap.org>

Thu, 10 Jun 2010 19:26:51 +0000 (19:26 +0000)
author Quanah Gibson-Mount <quanah@openldap.org>
Thu, 10 Jun 2010 19:26:51 +0000 (19:26 +0000)
committer Quanah Gibson-Mount <quanah@openldap.org>
Thu, 10 Jun 2010 19:26:51 +0000 (19:26 +0000)
diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c

index ae1a4f64e4dd1f901c692cc8e1e286b43d413bea..eaa0311729c2fa2e756592df23784401acd38157 100644 (file)
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -232,6 +232,21 @@ meta_search_dobind_init(
  
         assert( msc->msc_ld != NULL );
  
+       if ( !BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &cred ) ) {
+               /* bind anonymously? */
+               Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p: "
+                       "non-empty dn with empty cred; binding anonymously\n",
+                       op->o_log_prefix, candidate, (void *)mc );
+               cred = slap_empty_bv;
+               
+       } else if ( BER_BVISEMPTY( &binddn ) && !BER_BVISEMPTY( &cred ) ) {
+               /* error */
+               Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p: "
+                       "empty dn with non-empty cred: error\n",
+                       op->o_log_prefix, candidate, (void *)mc );
+               goto other;
+       }
+
         /* connect must be async only the first time... */
         ldap_set_option( msc->msc_ld, LDAP_OPT_CONNECT_ASYNC, LDAP_OPT_ON );
author	Quanah Gibson-Mount <quanah@openldap.org>
	Thu, 10 Jun 2010 19:26:51 +0000 (19:26 +0000)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Thu, 10 Jun 2010 19:26:51 +0000 (19:26 +0000)