ITS#5404

diff --git a/CHANGES b/CHANGES
index 5959d32fa9daba4ec2a11e286fb46b75f3fb3871..af0d0538c7f4bc558c4953e603ee85842a93c9d4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,7 @@ OpenLDAP 2.3 Change Log
 
 OpenLDAP 2.3.42 Engineering
        Fixed slapd pagedresults stale state (ITS#5409)
+       Fixed slapd-ldap connection handler (ITS#5404)
 
 OpenLDAP 2.3.41 Release (2008/02/19)
        Fixed slapd timestamp race condition (ITS#5370)

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index ed32a02814b7fa6abb1e1c9a65fb3105ecccac15..8d69effb014a0026c10bc7e253e1513e3a196684 100644 (file)
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1311,15 +1311,26 @@ retry_lock:;
 
                lutil_sasl_freedefs( defaults );
 
-               rs->sr_err = slap_map_api2result( rs );
-               if ( rs->sr_err != LDAP_SUCCESS ) {
+               switch ( rs->sr_err ) {
+               case LDAP_SUCCESS:
+                       LDAP_BACK_CONN_ISBOUND_SET( lc );
+                       break;
+
+               case LDAP_LOCAL_ERROR:
+                       /* list client API error codes that require
+                        * to taint the connection */
+                       /* FIXME: should actually retry? */
+                       LDAP_BACK_CONN_TAINTED_SET( lc );
+
+                       /* fallthru */
+
+               default:
                        LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+                       rs->sr_err = slap_map_api2result( rs );
                        if ( sendok & LDAP_BACK_SENDERR ) {
                                send_ldap_result( op, rs );
                        }
-
-               } else {
-                       LDAP_BACK_CONN_ISBOUND_SET( lc );
+                       break;
                }
 
                if ( LDAP_BACK_QUARANTINE( li ) ) {
@@ -1999,15 +2010,26 @@ ldap_back_proxy_authz_bind(
                                LDAP_SASL_QUIET, lutil_sasl_interact,
                                defaults );
 
-               rs->sr_err = slap_map_api2result( rs );
-               if ( rs->sr_err != LDAP_SUCCESS ) {
+               switch ( rs->sr_err ) {
+               case LDAP_SUCCESS:
+                       LDAP_BACK_CONN_ISBOUND_SET( lc );
+                       break;
+
+               case LDAP_LOCAL_ERROR:
+                       /* list client API error codes that require
+                        * to taint the connection */
+                       /* FIXME: should actually retry? */
+                       LDAP_BACK_CONN_TAINTED_SET( lc );
+
+                       /* fallthru */
+
+               default:
                        LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+                       rs->sr_err = slap_map_api2result( rs );
                        if ( sendok & LDAP_BACK_SENDERR ) {
                                send_ldap_result( op, rs );
                        }
-
-               } else {
-                       LDAP_BACK_CONN_ISBOUND_SET( lc );
+                       break;
                }
 
                lutil_sasl_freedefs( defaults );