int rc;
/* If local DNs don't match, it is definitely not a match */
- if ( ( rc = ber_bvcmp( &lc1->local_dn, &lc2->local_dn )) )
+ if ( ( rc = ber_bvcmp( &lc1->local_dn, &lc2->local_dn ) ) )
return rc;
/* For shared sessions, conn is NULL. Only explicitly
struct ldapconn *
ldap_back_getconn(Operation *op, SlapReply *rs)
{
- struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
- struct ldapconn *lc, lc_curr;
- LDAP *ld;
- int is_priv = 0;
+ struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
+ struct ldapconn *lc, lc_curr;
+ LDAP *ld;
+ int is_priv = 0;
/* Searches for a ldapconn in the avl tree */
/* Explicit binds must not be shared */
if ( op->o_tag == LDAP_REQ_BIND
- || (op->o_conn
- && (op->o_bd == op->o_conn->c_authz_backend ))) {
+ || ( op->o_conn && op->o_bd == op->o_conn->c_authz_backend ) ) {
lc_curr.conn = op->o_conn;
} else {
int freeauthz = 0;
/* if SASL supports native authz, prepare for it */
- if ( li->idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) {
+ if ( ( !op->o_do_not_cache || !op->o_is_auth_check ) &&
+ ( li->idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) )
+ {
switch ( li->idassert_mode ) {
case LDAP_BACK_IDASSERT_OTHERID:
case LDAP_BACK_IDASSERT_OTHERDN:
{
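Review bot: The new guard `( !op->o_do_not_cache || !op->o_is_auth_check )` is the negation of the `op->o_do_not_cache && op->o_is_auth_check` test added in the later hunk that selects `mode`, and the two are spelled differently, so they can drift apart unnoticed. Because this predicate decides whether identity assertion is applied at all, it deserves a single name. One option is a macro such as `#define LDAP_BACK_IS_AUTH_CHECK(op) ( (op)->o_do_not_cache && (op)->o_is_auth_check )` (the name is only a suggestion), used here as `!LDAP_BACK_IS_AUTH_CHECK( op )`. The `if` body and the enclosing function continue outside the hunk.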
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
LDAPControl **ctrls = NULL;
- int i = 0;
+ int i = 0,
+ mode;
struct berval assertedID;
*pctrls = NULL;
rs->sr_text = "proxyAuthz not allowed within namingContext";
}
- switch ( li->idassert_mode ) {
+ if ( op->o_do_not_cache && op->o_is_auth_check ) {
+ mode = LDAP_BACK_IDASSERT_NOASSERT;
+
+ } else {
+ mode = li->idassert_mode;
+ }
+
+ switch ( mode ) {
case LDAP_BACK_IDASSERT_LEGACY:
case LDAP_BACK_IDASSERT_SELF:
/* original behavior:
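Review bot: The branch that forces `mode = LDAP_BACK_IDASSERT_NOASSERT` overrides the administrator-configured `li->idassert_mode` with no comment explaining why. This is an authorization decision, so a later reader needs the reason spelled out. A comment above the `if` would do, along the lines of `/* internal auth-check lookups ignore the configured idassert mode and assert no identity */`. Which identity the request then runs under on the remote server is not visible in this hunk and should be stated in that comment as well. The `switch` body continues outside the hunk.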
#
access to attr=userpassword
+ by dn.exact="uid=proxy,ou=People,dc=example,dc=com" read
by self =wx
by anonymous =x
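Review bot: The added `by dn.exact="uid=proxy,ou=People,dc=example,dc=com" read` clause gives the proxy identity read access to `userpassword` on every entry this rule covers, and nothing in the file says why. It is presumably needed so that the re-enabled SASL identity-assertion test can look up credentials through the proxy. A comment above the rule should say so, e.g. `# the proxy identity must read userPassword for SASL auth-check lookups (test only)`, so the clause is not copied into a production ACL unexamined. The rest of the access rule lies outside the hunk.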
fi
# FIXME: this cannot work as is, because SASL bind cannot be proxied!
-#if test $USE_SASL != "no" ; then
-# ID="bjorn"
-# BASE="dc=example,dc=com"
-# echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
-# $LDAPSASLSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
-# -Q -U "$ID" -w bjorn -Y $MECH > $SEARCHOUT 2>&1
-#
-# RC=$?
-# if test $RC != 0 ; then
-# echo "ldapsearch failed ($RC)!"
-# test $KILLSERVERS != no && kill -HUP $KILLPIDS
-# exit $RC
-# fi
-#
-# echo "Filtering ldapsearch results..."
-# . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
-# echo "Filtering original ldif used to create database..."
-# . $LDIFFILTER < $LDAPGLUEOUT > $LDIFFLT
-# echo "Comparing filter output..."
-# $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
-#
-# if test $? != 0 ; then
-# echo "comparison failed - glued search with SASL bind and identity assertion didn't succeed"
-# test $KILLSERVERS != no && kill -HUP $KILLPIDS
-# exit 1
-# fi
-#fi
+if test $USE_SASL != "no" ; then
+ ID="bjorn"
+ BASE="dc=example,dc=com"
+ echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
+ $LDAPSASLSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
+ -Q -U "$ID" -w bjorn -Y $MECH > $SEARCHOUT 2>&1
+
+ RC=$?
+ if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ fi
+
+ echo "Filtering ldapsearch results..."
+ . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering original ldif used to create database..."
+ . $LDIFFILTER < $LDAPGLUEOUT > $LDIFFLT
+ echo "Comparing filter output..."
+ $CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+ if test $? != 0 ; then
+ echo "comparison failed - glued search with SASL bind and identity assertion didn't succeed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit 1
+ fi
+fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS
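Review bot: The context line `# FIXME: this cannot work as is, because SASL bind cannot be proxied!` still sits directly above the block this hunk un-comments, so the script now says that the test it runs cannot work. Remove the FIXME or replace it with a comment describing what the test relies on, for example `# requires the proxy identity to have read access to userPassword on the remote server`. That wording is inferred from the ACL change in the same commit and should be confirmed before committing.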