From: Howard Chu <hyc@openldap.org>
Date: Wed, 2 Feb 2011 20:06:28 +0000 (+0000)
Subject: ITS#6711 use idassert TLS conf for priv connection if aclbind not set
X-Git-Tag: OPENLDAP_REL_ENG_2_4_26~73
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e2a6d5ba70c20fd9068c0a0a5cef37dbbeb0136b;p=openldap

ITS#6711 use idassert TLS conf for priv connection if aclbind not set
---

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index c6055918ca..6432851f37 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -714,7 +714,12 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
 
 #ifdef HAVE_TLS
 	if ( LDAP_BACK_CONN_ISPRIV( lc ) ) {
-		sb = &li->li_acl;
+		/* See "rationale:" comment in ldap_back_getconn() */
+		if ( BER_BVISNULL( &li->li_acl_authcDN ) &&
+			!BER_BVISNULL( &li->li_idassert_authcDN ) )
+			sb = &li->li_idassert.si_bc;
+		else
+			sb = &li->li_acl;
 
 	} else if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) {
 		sb = &li->li_idassert.si_bc;