From: Pierangelo Masarati <ando@openldap.org>
Date: Fri, 21 Apr 2006 21:07:31 +0000 (+0000)
Subject: don't idassert if proxyAuthz == boundDN (ITS#4497)
X-Git-Tag: OPENLDAP_REL_ENG_2_4_1ALPHA~2^2~161
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=4d894c7d2411edf933118d540b176de91aa22577;p=openldap

don't idassert if proxyAuthz == boundDN (ITS#4497)
---

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 131219683f..61f69630b3 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1652,6 +1652,11 @@ ldap_back_proxy_authz_ctrl(
 		assertedID = slap_empty_bv;
 	}
 
+	/* don't idassert the bound DN (ITS#4497) */
+	if ( dn_match( &assertedID, &lc->lc_bound_ndn ) ) {
+		goto done;
+	}
+
 	if ( op->o_ctrls ) {
 		for ( i = 0; op->o_ctrls[ i ]; i++ )
 			/* just count ctrls */ ;