From 691b4dfa518714d0732259672cca619bba551ab2 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Mon, 14 Apr 2008 21:29:33 +0000
Subject: [PATCH] ITS#5404

---
 CHANGES                        |  1 +
 servers/slapd/back-ldap/bind.c | 44 ++++++++++++++++++++++++++--------
 2 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index 52e9afaf22..7685b2bd08 100644
--- a/CHANGES
+++ b/CHANGES
@@ -14,6 +14,7 @@ OpenLDAP 2.4.9 Engineering
 	Fixed slapd syncrepl crash on empty CSN (ITS#5432)
 	Fixed slapd syncrepl refreshAndPersist (ITS#5454)
 	Fixed slapd syncrepl modrdn processing (ITS#5397)
+	Fixed slapd-ldap connection handler (ITS#5404)
 	Fixed slapo-syncprov psearch on closed connection (ITS#5401)
 	Fixed slapo-syncprov psearch task delay (ITS#5405)
 	Fixed slapo-syncprov psearch filter identity (ITS#5418)
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 6ba8c4716b..ae513a4e38 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1228,6 +1228,8 @@ ldap_back_dobind_cb(
 {
 	ber_tag_t *tptr = op->o_callback->sc_private;
 	op->o_tag = *tptr;
+	rs->sr_tag = slap_req2res( op->o_tag );
+
 	return SLAP_CB_CONTINUE;
 }
 
@@ -1390,15 +1392,26 @@ retry_lock:;
 
 		lutil_sasl_freedefs( defaults );
 
-		rs->sr_err = slap_map_api2result( rs );
-		if ( rs->sr_err != LDAP_SUCCESS ) {
+		switch ( rs->sr_err ) {
+		case LDAP_SUCCESS:
+			LDAP_BACK_CONN_ISBOUND_SET( lc );
+			break;
+
+		case LDAP_LOCAL_ERROR:
+			/* list client API error codes that require
+			 * to taint the connection */
+			/* FIXME: should actually retry? */
+			LDAP_BACK_CONN_TAINTED_SET( lc );
+
+			/* fallthru */
+
+		default:
 			LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+			rs->sr_err = slap_map_api2result( rs );
 			if ( sendok & LDAP_BACK_SENDERR ) {
 				send_ldap_result( op, rs );
 			}
-
-		} else {
-			LDAP_BACK_CONN_ISBOUND_SET( lc );
+			break;
 		}
 
 		if ( LDAP_BACK_QUARANTINE( li ) ) {
@@ -2134,15 +2147,26 @@ ldap_back_proxy_authz_bind(
 				LDAP_SASL_QUIET, lutil_sasl_interact,
 				defaults );
 
-		rs->sr_err = slap_map_api2result( rs );
-		if ( rs->sr_err != LDAP_SUCCESS ) {
+		switch ( rs->sr_err ) {
+		case LDAP_SUCCESS:
+			LDAP_BACK_CONN_ISBOUND_SET( lc );
+			break;
+
+		case LDAP_LOCAL_ERROR:
+			/* list client API error codes that require
+			 * to taint the connection */
+			/* FIXME: should actually retry? */
+			LDAP_BACK_CONN_TAINTED_SET( lc );
+
+			/* fallthru */
+
+		default:
 			LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+			rs->sr_err = slap_map_api2result( rs );
 			if ( sendok & LDAP_BACK_SENDERR ) {
 				send_ldap_result( op, rs );
 			}
-
-		} else {
-			LDAP_BACK_CONN_ISBOUND_SET( lc );
+			break;
 		}
 
 		lutil_sasl_freedefs( defaults );
-- 
2.39.5