From eca48b6f20e02aa2941fba3b81eb1347aea44013 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Sun, 20 Jun 2004 23:21:40 +0000
Subject: [PATCH] not sure that cyrus-sasl doesn't honor empty authz; need to
 check

---
 servers/slapd/back-ldap/bind.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index a2f1194f30..5830528fbb 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -464,8 +464,6 @@ ldap_back_dobind( struct ldapconn *lc, Operation *op, SlapReply *rs )
 					case LDAP_BACK_IDASSERT_SELF:
 						if ( BER_BVISNULL( &op->o_conn->c_dn ) ) {
 							/* connection is not authc'd, so don't idassert */
-							/* FIXME: cyrus-sasl doesn't honor empty authzID!
-							 * i.e. NULL is equivalent to ""! */
 							break;
 						}
 						authzID.bv_len = STRLENOF( "dn:" ) + op->o_conn->c_dn.bv_len;
@@ -835,9 +833,6 @@ ldap_back_proxy_authz_ctrl(
 	case LDAP_BACK_IDASSERT_SELF:
 		/* original behavior:
 		 * assert the client's identity */
-		/* FIXME: we may get here if binding anonymously,
-		 * because cyrus sasl doesn't honor empty (i.e. "")
-		 * authzID */
 		assertedID = BER_BVISNULL( &op->o_conn->c_dn ) ? slap_empty_bv : op->o_conn->c_dn;
 		break;
 
-- 
2.39.5