From: Howard Chu Date: Fri, 25 Aug 2006 02:16:57 +0000 (+0000) Subject: Fix test045, test048 use acl-bind credentials on retry if they were set. X-Git-Tag: OPENLDAP_REL_ENG_2_3_MP~261 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=ca262ee8e62f0226df368f0d06044a7404dfa16c;p=openldap Fix test045, test048 use acl-bind credentials on retry if they were set. --- diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index 51d3456d45..056ea30a5e 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -995,8 +995,8 @@ retry_lock:; * but the "override" flag is given to idassert. * It allows to use SASL bind and yet proxyAuthz users */ - if ( op->o_conn != NULL && - !op->o_do_not_cache && + if ( op->o_conn != NULL && !op->o_do_not_cache && + ( !LDAP_BACK_CONN_ISPRIV( lc ) || BER_BVISEMPTY( &lc->lc_bound_ndn )) && ( !isbound || ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) ) { (void)ldap_back_proxy_authz_bind( lc, op, rs, sendok ); @@ -1427,6 +1427,7 @@ ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_ if ( rc == 0 && *lcp != NULL ) { /* freeit, because lc_refcnt == 1 */ (*lcp)->lc_refcnt = 0; + LDAP_BACK_CONN_TAINTED_SET( *lcp ); (void)ldap_back_freeconn( op, *lcp, 0 ); *lcp = NULL; }