set BINDING appropriately (ITS#5185)

diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index d3f8697b4881b2fa853915ae9ab081e579b63601..ec4901091453d95459d95b905ff433d0028ab0c8 100644 (file)
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -1181,7 +1181,8 @@ retry_lock:;
 
        case LDAP_REQ_BIND:
                /* if bound as rootdn, the backend must bind to all targets
-                * with the administrative identity */
+                * with the administrative identity
+                * (unless pseoudoroot-bind-defer is TRUE) */
                if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op ) ) {
                        op_type = META_OP_REQUIRE_ALL;
                }
@@ -1239,6 +1240,9 @@ retry_lock:;
                                rs, mc, i, LDAP_BACK_CONN_ISPRIV( &mc_curr ),
                                LDAP_BACK_DONTSEND, !new_conn );
                        if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
+                               if ( new_conn && ( sendok & LDAP_BACK_BINDING ) ) {
+                                       LDAP_BACK_CONN_BINDING_SET( &mc->mc_conns[ i ] );
+                               }
                                META_CANDIDATE_SET( &candidates[ i ] );
                                ncandidates++;
        
@@ -1428,6 +1432,10 @@ retry_lock2:;
                        return NULL;
                }
 
+               if ( new_conn && ( sendok & LDAP_BACK_BINDING ) ) {
+                       LDAP_BACK_CONN_BINDING_SET( &mc->mc_conns[ i ] );
+               }
+
                candidates[ i ].sr_err = LDAP_SUCCESS;
                META_CANDIDATE_SET( &candidates[ i ] );
                ncandidates++;