check validity of idassert-bind line (ITS#5863)

servers/slapd/back-ldap/bind.c

@@ -2206,7 +2206,9 @@ ldap_back_proxy_authz_bind(
 		 * so that referral chasing is attempted using the right
 		 * identity */
 		LDAP_BACK_CONN_ISBOUND_SET( lc );
-		ber_bvreplace( &lc->lc_bound_ndn, binddn );
+		if ( !BER_BVISNULL( binddn ) ) {
+			ber_bvreplace( &lc->lc_bound_ndn, binddn );
+		}
 
 		if ( !BER_BVISNULL( &lc->lc_cred ) ) {
 			memset( lc->lc_cred.bv_val, 0,
@@ -2214,8 +2216,10 @@ ldap_back_proxy_authz_bind(
 		}
 
 		if ( LDAP_BACK_SAVECRED( li ) ) {
-			ber_bvreplace( &lc->lc_cred, bindcred );
-			ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+			if ( !BER_BVISNULL( bindcred ) ) {
+				ber_bvreplace( &lc->lc_cred, bindcred );
+				ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+			}
 
 		} else {
 			lc->lc_cred.bv_len = 0;

servers/slapd/back-ldap/config.c

@@ -743,6 +743,19 @@ slap_idassert_parse( ConfigArgs *c, slap_idassert_t *si )
 			return 1;
 		}
 	}
+
+	if ( si->si_bc.sb_method == LDAP_AUTH_SIMPLE ) {
+		if ( BER_BVISNULL( &si->si_bc.sb_binddn )
+			|| BER_BVISNULL( &si->si_bc.sb_cred ) )
+		{
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				"\"idassert-bind <args>\": "
+				"SIMPLE needs \"binddn\" and \"credentials\"" );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
+			return 1;
+		}
+	}
+
 	bindconf_tls_defaults( &si->si_bc );
 
 	return 0;