ITS#6643

diff --git a/CHANGES b/CHANGES
index 96885ccd567c5be9304ce0fb99ab3f72e9d25a6c..63b4c20d31188d374d13d8a46f8f6e4f0250d124 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,7 @@ OpenLDAP 2.4.24 Engineering
        Fixed slapd acl parsing overflow (ITS#6611)
        Fixed slapd modify to return actual error (ITS#6581)
        Fixed slapd-bdb entry cache delete failure (ITS#6577)
+       Fixed slapd-meta anon retry with failed auth method (ITS#6643)
        Fixed slapd-null back-config support (ITS#6624)
        Fixed slapo-pcache callback freeing (ITS#6640)
        Fixed slapo-pcache to ignore undefined attrs (ITS#6600)

diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index eaa0311729c2fa2e756592df23784401acd38157..068589d1ae4f68a78fb228070c3997983ce9783b 100644 (file)
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -191,8 +191,13 @@ meta_search_dobind_init(
                        ( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )
        {
                rc = meta_back_proxy_authz_cred( mc, candidate, op, rs, LDAP_BACK_DONTSEND, &binddn, &cred, &method );
-               if ( rc != LDAP_SUCCESS ) {
+               switch ( rc ) {
+               case LDAP_SUCCESS:
+                       break;
+               case LDAP_UNAVAILABLE:
                        goto down;
+               default:
+                       goto other;
                }
 
                /* NOTE: we copy things here, even if bind didn't succeed yet,