From: Howard Chu <hyc@openldap.org>
Date: Wed, 2 Feb 2011 20:32:48 +0000 (+0000)
Subject: Cleanup priv/idassert choice: check for configured bind method, not authcDN
X-Git-Tag: MIGRATION_CVS2GIT~138
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d6269778480735ea31479060ac553daff692eb11;p=openldap

Cleanup priv/idassert choice: check for configured bind method, not authcDN
---

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index c67152b7f7..add28dfdff 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -710,9 +710,9 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
 
 #ifdef HAVE_TLS
 	if ( LDAP_BACK_CONN_ISPRIV( lc ) ) {
-		/* See "rationale:" comment in ldap_back_getconn() */
-		if ( BER_BVISNULL( &li->li_acl_authcDN ) &&
-			!BER_BVISNULL( &li->li_idassert_authcDN ) )
+		/* See "rationale" comment in ldap_back_getconn() */
+		if ( li->li_acl_authmethod == LDAP_AUTH_NONE &&
+			 li->li_idassert_authmethod != LDAP_AUTH_NONE )
 			sb = &li->li_idassert.si_bc;
 		else
 			sb = &li->li_acl;
@@ -981,10 +981,10 @@ retry_lock:
 
 		/*
 		 * the rationale is: connections as the rootdn are privileged,
-		 * so acl_authcDN is to be used; however, in some cases
+		 * so li_acl is to be used; however, in some cases
 		 * one already configured identity assertion with a highly
-		 * privileged idassert_authcDN, so if acl_authcDN is NULL
-		 * and idassert_authcDN is not, use the second instead.
+		 * privileged idassert_authcDN, so if li_acl is not configured
+		 * and idassert is, use idassert instead.
 		 *
 		 * might change in the future, because it's preferable
 		 * to make clear what identity is being used, since
@@ -992,7 +992,8 @@ retry_lock:
 		 * the same identity twice...
 		 */
 		if ( LDAP_BACK_CONN_ISPRIV( &lc_curr ) ) {
-			if ( BER_BVISNULL( &li->li_acl_authcDN ) && !BER_BVISNULL( &li->li_idassert_authcDN ) ) {
+			if ( li->li_acl_authmethod == LDAP_AUTH_NONE &&
+				 li->li_idassert_authmethod != LDAP_AUTH_NONE ) {
 				ber_dupbv( &lc->lc_bound_ndn, &li->li_idassert_authcDN );
 				ber_dupbv( &lc->lc_cred, &li->li_idassert_passwd );