upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-28 10:39:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#8142 cleanup prev commit

Browse source 
Only drop connection if user originally bound to this backend,
and rebind-as-user was set. Sessions from other backends would
use idassert-bind so loss of creds doesn't affect them.
This commit is contained in:
Howard Chu 2015-05-21 01:20:16 +01:00
parent 5f70fd13d2
commit 66ab6bafa8
2 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
servers/slapd/back-ldap/bind.c
View file

@ -1573,7 +1573,12 @@ retry:;
op->o_tag = o_tag;
rs->sr_text = "Proxy can't contact remote server";
send_ldap_result( op, rs );
rs->sr_err = SLAPD_DISCONNECT;
/* if we originally bound and wanted rebind-as-user, must drop
* the connection now because we just discarded the credentials.
* ITS#7464, #8142
*/
if ( LDAP_BACK_SAVECRED( li ) && SLAP_IS_AUTHZ_BACKEND( op ) )
rs->sr_err = SLAPD_DISCONNECT;
}
rc = 0;

7
servers/slapd/back-ldap/search.c
View file

@ -645,7 +645,12 @@ finish:;
ldap_back_release_conn( li, lc );
}
if ( rs->sr_err == LDAP_UNAVAILABLE )
if ( rs->sr_err == LDAP_UNAVAILABLE &&
/* if we originally bound and wanted rebind-as-user, must drop
* the connection now because we just discarded the credentials.
* ITS#7464, #8142
*/
LDAP_BACK_SAVECRED( li ) && SLAP_IS_AUTHZ_BACKEND( op ) )
rs->sr_err = SLAPD_DISCONNECT;
return rs->sr_err;
}