From: Pierangelo Masarati <ando@openldap.org>
Date: Sun, 9 Sep 2007 22:24:13 +0000 (+0000)
Subject: idassert also in case of SASL mechs that do not set authcId
X-Git-Tag: OPENLDAP_REL_ENG_2_3_39~35
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=93e0c8b0fe6999f3f0486291a157cfcb65877163;p=openldap

idassert also in case of SASL mechs that do not set authcId
---

diff --git a/CHANGES b/CHANGES
index ffe27ba5f2..0c563211bf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,7 @@ OpenLDAP 2.3.39 Engineering
 	Fixed slapd password_hash config order (ITS#5082)
 	Fixed slapd slap_mods_check bug (ITS#5119)
 	Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118)
+	Fixed slapd-ldap SASL idassert w/o autchId
 	Fixed slapd-sql concurrency issue (ITS#5095)
 	Fixed slapo-pcache and -rwm interaction fix (ITS#4991) 
 	Fixed slapo-rwm modlist handling (ITS#5124)
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index d0ade05649..52d8c7e2f1 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -2133,7 +2133,8 @@ ldap_back_proxy_authz_ctrl(
 	 * but if it is not set this test fails.  We need a different
 	 * means to detect if idassert is enabled */
 	if ( ( BER_BVISNULL( &si->si_bc.sb_authcId ) || BER_BVISEMPTY( &si->si_bc.sb_authcId ) )
-			&& ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) )
+		&& ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) )
+		&& BER_BVISNULL( &si->si_bc.sb_saslmech ) )
 	{
 		goto done;
 	}