From d6269778480735ea31479060ac553daff692eb11 Mon Sep 17 00:00:00 2001
From: Howard Chu
Date: Wed, 2 Feb 2011 20:32:48 +0000
Subject: [PATCH] Cleanup priv/idassert choice: check for configured bind method, not authcDN
---
 servers/slapd/back-ldap/bind.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index c67152b7f7..add28dfdff 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -710,9 +710,9 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
 #ifdef HAVE_TLS
 if ( LDAP_BACK_CONN_ISPRIV( lc ) ) {
- /* See "rationale:" comment in ldap_back_getconn() */
- if ( BER_BVISNULL( &li->li_acl_authcDN ) &&
- !BER_BVISNULL( &li->li_idassert_authcDN ) )
+ /* See "rationale" comment in ldap_back_getconn() */
+ if ( li->li_acl_authmethod == LDAP_AUTH_NONE &&
+ li->li_idassert_authmethod != LDAP_AUTH_NONE )
 sb = &li->li_idassert.si_bc;
 else
 sb = &li->li_acl;
@@ -981,10 +981,10 @@ retry_lock:
 /*
 * the rationale is: connections as the rootdn are privileged,
- * so acl_authcDN is to be used; however, in some cases
+ * so li_acl is to be used; however, in some cases
 * one already configured identity assertion with a highly
- * privileged idassert_authcDN, so if acl_authcDN is NULL
- * and idassert_authcDN is not, use the second instead.
+ * privileged idassert_authcDN, so if li_acl is not configured
+ * and idassert is, use idassert instead.
 *
 * might change in the future, because it's preferable
 * to make clear what identity is being used, since
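Review bot: The test `li->li_acl_authmethod == LDAP_AUTH_NONE && li->li_idassert_authmethod != LDAP_AUTH_NONE` in the HAVE_TLS branch of ldap_back_prepare_conn() is repeated in the hunk at -992, where it selects the bind DN and credentials. Together the two sites decide which identity's TLS settings and which identity's credentials a privileged connection uses, and only a cross-reference comment keeps them in agreement. A single shared predicate, for instance a macro defined next to LDAP_BACK_CONN_ISPRIV, would stop a later edit from changing one site and not the other. The function body starts and ends outside this hunk.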
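Review bot: The phrase "not configured" in the rewritten rationale comment (hunk at -981) is never defined, while the code it describes compares the bind method with LDAP_AUTH_NONE. Stating the actual criterion keeps the comment checkable against the code, e.g. `* privileged idassert_authcDN, so if li_acl has no bind method` followed by `* (LDAP_AUTH_NONE) and idassert has one, use idassert instead.` The comment block continues past the end of this hunk.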
@@ -992,7 +992,8 @@ retry_lock:
 * the same identity twice...
 */
 if ( LDAP_BACK_CONN_ISPRIV( &lc_curr ) ) {
- if ( BER_BVISNULL( &li->li_acl_authcDN ) && !BER_BVISNULL( &li->li_idassert_authcDN ) ) {
+ if ( li->li_acl_authmethod == LDAP_AUTH_NONE &&
+ li->li_idassert_authmethod != LDAP_AUTH_NONE ) {
 ber_dupbv( &lc->lc_bound_ndn, &li->li_idassert_authcDN );
 ber_dupbv( &lc->lc_cred, &li->li_idassert_passwd );
--
2.39.5
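Review bot: The new condition no longer guarantees that `li->li_idassert_authcDN` is non-null at the `ber_dupbv( &lc->lc_bound_ndn, &li->li_idassert_authcDN )` call just below it, which the removed `!BER_BVISNULL( &li->li_idassert_authcDN )` test did. If idassert can be configured with a bind method that carries no authcDN (a SASL mechanism, presumably), the privileged connection would be recorded with an empty bound DN and possibly an empty `lc_cred`. Whether later code tolerates that is not visible here, so it is worth confirming. If it is intended, say so at the call site, e.g. `/* authcDN/passwd may be empty when idassert binds via SASL */`. The else branch and the rest of the block lie outside the hunk.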