From 331fef5e78c48781a9a35a181effa0d5ae777ab3 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Sun, 9 Sep 2007 21:52:10 +0000
Subject: [PATCH] idassert also in case of SASL mechs that do not set authcId

---
 servers/slapd/back-ldap/bind.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 02485e8c1a..882058302a 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -2249,7 +2249,8 @@ ldap_back_proxy_authz_ctrl(
 	 * but if it is not set this test fails.  We need a different
 	 * means to detect if idassert is enabled */
 	if ( ( BER_BVISNULL( &si->si_bc.sb_authcId ) || BER_BVISEMPTY( &si->si_bc.sb_authcId ) )
-			&& ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) ) )
+		&& ( BER_BVISNULL( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_binddn ) )
+		&& BER_BVISNULL( &si->si_bc.sb_saslmech ) )
 	{
 		goto done;
 	}
-- 
2.39.5