rc = slap_parse_user( &id, &user, &realm, &mech );
if ( rc == LDAP_SUCCESS ) {
- if ( mech.bv_len ) {
+ struct berval authz = BER_BVC( "AUTHZ" );
+
+ if ( mech.bv_len && !bvmatch( &mech, &authz) ) {
rs->sr_text = "mech not allowed in authzId";
return LDAP_PROXY_AUTHZ_FAILURE;
}
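Review bot: The new condition `if ( mech.bv_len && !bvmatch( &mech, &authz) )` lets exactly one mechanism name through a check that ends in `LDAP_PROXY_AUTHZ_FAILURE`, but nothing in the code records why "AUTHZ" is exempt. I would put a comment above the declaration, for example `/* "AUTHZ" is the only mech accepted in an authzId; any other mech is refused */`. The comment should also say whether the match is meant to be case-sensitive, since `bvmatch` is, as far as I know, a length-and-bytes comparison and would refuse `authz`. The visible lines test only `mech`, so whether a non-empty `realm` is acceptable alongside it is decided, if at all, outside this hunk. The enclosing function starts and ends outside the hunk.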
mech->bv_val[ 0 ] = '\0';
mech->bv_val++;
- realm->bv_val = strchr( id->bv_val, '/' );
+ realm->bv_val = strchr( mech->bv_val, '/' );
if ( realm->bv_val ) {
+ realm->bv_val[ 0 ] = '\0';
+ realm->bv_val++;
mech->bv_len = realm->bv_val - mech->bv_val - 1;
realm->bv_len = user->bv_val - realm->bv_val - 1;
} else {
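Review bot: The length computed in `realm->bv_len = user->bv_val - realm->bv_val - 1;` is only valid if the `/` found by `strchr( mech->bv_val, '/' )` lies before `user->bv_val`, and the visible lines do not establish that. This presumably holds because the separator in front of the user part is overwritten with a NUL before this point, but that code is outside the hunk. If it does not hold, a `/` inside the user part would be matched and the subtraction would produce a wrapped, oversized length. I would state the invariant where the search happens, for example `/* user's separator is already NUL, so this search cannot reach the user part */`, and back it with `assert( realm->bv_val < user->bv_val );` inside the `if ( realm->bv_val )` branch. The surrounding block and the `else` arm continue outside the hunk.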