ITS#7403, #6296 fix AUTHZ_BACKEND handling

c_authz_cookie should only be set on explicit Bind requests.

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index b099ae7df1b45176d1a0f5f49540813279325b55..b7627af8cc28725c0bfbc33d1c0ac9b726c265d8 100644 (file)
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1581,7 +1581,6 @@ retry:;
        rc = ldap_back_op_result( lc, op, rs, msgid,
                -1, ( sendok | LDAP_BACK_BINDING ) );
        if ( rc == LDAP_SUCCESS ) {
-               op->o_conn->c_authz_cookie = op->o_bd->be_private;
                LDAP_BACK_CONN_ISBOUND_SET( lc );
        }
 
@@ -2411,7 +2410,6 @@ ldap_back_proxy_authz_bind(
                                ber_bvreplace( &lc->lc_bound_ndn, &bv );
                        }
 #endif /* SLAP_AUTH_DN */
-                       op->o_conn->c_authz_cookie = op->o_bd->be_private;
                        LDAP_BACK_CONN_ISBOUND_SET( lc );
                        break;
 
@@ -2482,7 +2480,6 @@ ldap_back_proxy_authz_bind(
                 * so that referral chasing is attempted using the right
                 * identity */
                LDAP_BACK_CONN_ISBOUND_SET( lc );
-               op->o_conn->c_authz_cookie = op->o_bd->be_private;
                if ( !BER_BVISNULL( binddn ) ) {
                        ber_bvreplace( &lc->lc_bound_ndn, binddn );
                }