make sure bind credentials are consistent

author Pierangelo Masarati <ando@openldap.org>

Mon, 24 May 2010 22:22:53 +0000 (22:22 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Mon, 24 May 2010 22:22:53 +0000 (22:22 +0000)
author Pierangelo Masarati <ando@openldap.org>
Mon, 24 May 2010 22:22:53 +0000 (22:22 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Mon, 24 May 2010 22:22:53 +0000 (22:22 +0000)
diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c

index 2f98806d5739c496aa2262d0fc4cef701fc8d042..c328c57a73845bae79b9671a2e4fe4a1e110f64a 100644 (file)
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -232,6 +232,21 @@ meta_search_dobind_init(
  
         assert( msc->msc_ld != NULL );
  
+       if ( !BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &cred ) ) {
+               /* bind anonymously? */
+               Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p: "
+                       "non-empty dn with empty cred; binding anonymously\n",
+                       op->o_log_prefix, candidate, (void *)mc );
+               cred = slap_empty_bv;
+               
+       } else if ( BER_BVISEMPTY( &binddn ) && !BER_BVISEMPTY( &cred ) ) {
+               /* error */
+               Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p: "
+                       "empty dn with non-empty cred: error\n",
+                       op->o_log_prefix, candidate, (void *)mc );
+               goto other;
+       }
+
         /* connect must be async only the first time... */
         ldap_set_option( msc->msc_ld, LDAP_OPT_CONNECT_ASYNC, LDAP_OPT_ON );
author	Pierangelo Masarati <ando@openldap.org>
	Mon, 24 May 2010 22:22:53 +0000 (22:22 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Mon, 24 May 2010 22:22:53 +0000 (22:22 +0000)