ITS#6711 use idassert TLS conf for priv connection if aclbind not set
authorHoward Chu <hyc@openldap.org>
Wed, 2 Feb 2011 20:06:28 +0000 (20:06 +0000)
committerQuanah Gibson-Mount <quanah@openldap.org>
Wed, 8 Jun 2011 22:59:21 +0000 (15:59 -0700)
servers/slapd/back-ldap/bind.c

index c6055918cac2d6daffae4a34a2bfd1c5cc1a1261..6432851f37132a060dbf9e6d563074a7197ece96 100644 (file)
@@ -714,7 +714,12 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
 
 #ifdef HAVE_TLS
        if ( LDAP_BACK_CONN_ISPRIV( lc ) ) {
-               sb = &li->li_acl;
+               /* See "rationale:" comment in ldap_back_getconn() */
+               if ( BER_BVISNULL( &li->li_acl_authcDN ) &&
+                       !BER_BVISNULL( &li->li_idassert_authcDN ) )
+                       sb = &li->li_idassert.si_bc;
+               else
+                       sb = &li->li_acl;
 
        } else if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) {
                sb = &li->li_idassert.si_bc;
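Review bot: The test that selects the TLS settings for a privileged connection, `BER_BVISNULL( &li->li_acl_authcDN ) && !BER_BVISNULL( &li->li_idassert_authcDN )`, is keyed on the bind DN alone and, judging by the added comment, duplicates a condition in ldap_back_getconn(), which is not visible here. If the two copies ever diverge, a privileged connection could bind as one identity while being set up with the other block's TLS settings, so I would move the test into one helper or macro shared by both sites. I would also state the rationale in place rather than by cross-reference, e.g. `/* acl-bind not configured: privileged connections use the idassert-bind identity, so take its TLS settings too */`. It is worth confirming that an acl-bind configured without a bind DN (presumably possible with a SASL bind that only sets an authcID) is not treated as unset by this check, since that would silently apply the idassert TLS settings to it. ldap_back_prepare_conn starts and ends outside the hunk.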