give the db a chance if rootpw is unset (more for ITS#4962)
authorPierangelo Masarati <ando@openldap.org>
Fri, 17 Aug 2007 09:50:20 +0000 (09:50 +0000)
committerPierangelo Masarati <ando@openldap.org>
Fri, 17 Aug 2007 09:50:20 +0000 (09:50 +0000)
servers/slapd/backend.c

index ca1914fb2ad92fd2272e9c90aa7adeb449586f8c..3d83060f557712d26bca64b69ec5a54457a18994 100644 (file)
@@ -209,6 +209,17 @@ int backend_startup_one(Backend *be, ConfigReply *cr)
        /* set database controls */
        (void)backend_set_controls( be );
 
+#if 0
+       if ( !BER_BVISEMPTY( &be->be_rootndn )
+               && select_backend( &be->be_rootndn, 0 ) == be
+               && BER_BVISNULL( &be->be_rootpw ) )
+       {
+               /* warning: if rootdn entry is created,
+                * it can take rootdn privileges;
+                * set empty rootpw to prevent */
+       }
+#endif
+
        if ( be->bd_info->bi_db_open ) {
                rc = be->bd_info->bi_db_open( be, cr );
                if ( rc == 0 ) {
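Review bot: The block added under `#if 0` after `backend_set_controls( be )` compiles to nothing, so the condition it tests (rootdn served by this database, rootpw unset) is never reported to the administrator. Since its own comment says an entry created at the rootdn can then take rootdn privileges, a startup message in the body of the `if` would be more useful than dead code, for example `Debug( LDAP_DEBUG_ANY, "backend_startup_one: rootdn is within this database and rootpw is unset\n", 0, 0, 0 );`. If the check is meant to stay disabled for now, a plain comment saying why would read better than an empty conditional. The body of backend_startup_one starts and ends outside the hunk.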
@@ -792,7 +803,13 @@ be_rootdn_bind( Operation *op, SlapReply *rs )
                return SLAP_CB_CONTINUE;
        }
 
+       if ( BER_BVISNULL( &op->o_bd->be_rootpw ) ) {
+               /* give the database a chance */
+               return SLAP_CB_CONTINUE;
+       }
+
        if ( BER_BVISEMPTY( &op->o_bd->be_rootpw ) ) {
+               /* rootdn bind explicitly disallowed */
                rc = LDAP_INVALID_CREDENTIALS;
                if ( rs ) {
                        goto send_result;
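Review bot: The new early return in be_rootdn_bind makes the difference between an unset rootpw (`BER_BVISNULL`) and an empty one (`BER_BVISEMPTY`) decide who authenticates the rootdn, and the comment `/* give the database a chance */` does not say so. With rootpw unset the bind is now handed to the database, so, going by the warning in the first hunk, an entry stored at the rootdn would authenticate with its own credentials and could end up with rootdn privileges. I would spell that out in place, e.g. `/* rootpw unset: defer to the database; an entry at the rootdn, if any, authenticates with its own credentials. Set an empty rootpw to forbid rootdn binds. */`, and note the same distinction wherever rootpw is documented. The function starts and ends outside the hunk.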