Implemented connection pooling. Requires libldap_r to allow multiple threads

to access the same LDAP* handle.

servers/slapd/back-ldap/add.c

@@ -68,7 +68,7 @@ ldap_back_add(
 #endif /* !NEW_LOGGING */
 	
 	lc = ldap_back_getconn(li, conn, op);
-	if ( !lc || !ldap_back_dobind( lc, op ) ) {
+	if ( !lc || !ldap_back_dobind( lc, conn, op ) ) {
 		return( -1 );
 	}
 
@@ -186,7 +186,7 @@ ldap_back_add(
 		free( mdn.bv_val );
 	}
 	
-	return( ldap_back_op_result( lc, op ) );
+	return( ldap_back_op_result( lc, conn, op ) );
 }
 
 #ifdef ENABLE_REWRITE

servers/slapd/back-ldap/attribute.c

@@ -31,6 +31,7 @@ ldap_back_attribute(
 )
 {
 	struct ldapinfo *li = (struct ldapinfo *) be->be_private;    
+	struct ldapconn *lc;
 	int rc = 1, i, j, count, is_oc;
 	Attribute *attr = NULL;
 	BerVarray abv, v;
@@ -38,7 +39,6 @@ ldap_back_attribute(
 	char **vs = NULL;
 	LDAPMessage	*result = NULL, *e = NULL;
 	char *gattr[2];
-	LDAP *ld = NULL;
 
 	*vals = NULL;
 	if (target != NULL && dn_match( &target->e_nname, ndn )) {
@@ -68,28 +68,30 @@ ldap_back_attribute(
 		return 1;
 	}
 
-	if (ldap_initialize(&ld, li->url) != LDAP_SUCCESS) {
+	/* Tell getconn this is a privileged op */
+	is_oc = op->o_do_not_cache;
+	op->o_do_not_cache = 1;
+	lc = ldap_back_getconn(li, conn, op);
+	if ( !lc || !ldap_back_dobind(lc, NULL, op) ) {
+		op->o_do_not_cache = is_oc;
 		return 1;
 	}
-
+	op->o_do_not_cache = is_oc;
-	if (ldap_bind_s(ld, li->binddn, li->bindpw, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) {
-		goto cleanup;
-	}
 
 	gattr[0] = mapped.bv_val;
 	gattr[1] = NULL;
-	if (ldap_search_ext_s(ld, ndn->bv_val, LDAP_SCOPE_BASE, "(objectclass=*)",
+	if (ldap_search_ext_s(lc->ld, ndn->bv_val, LDAP_SCOPE_BASE, "(objectclass=*)",
 				gattr, 0, NULL, NULL, LDAP_NO_LIMIT,
 				LDAP_NO_LIMIT, &result) != LDAP_SUCCESS)
 	{
 		goto cleanup;
 	}
 
-	if ((e = ldap_first_entry(ld, result)) == NULL) {
+	if ((e = ldap_first_entry(lc->ld, result)) == NULL) {
 		goto cleanup;
 	}
 		
-	vs = ldap_get_values(ld, e, mapped.bv_val);
+	vs = ldap_get_values(lc->ld, e, mapped.bv_val);
 	if (vs == NULL) {
 		goto cleanup;
 	}
@@ -132,7 +134,6 @@ cleanup:
 	if (result) {
 		ldap_msgfree(result);
 	}
-	ldap_unbind(ld);
 
 	return(rc);
 }

servers/slapd/back-ldap/back-ldap.h

@@ -49,13 +49,16 @@ LDAP_BEGIN_DECL
 
 struct slap_conn;
 struct slap_op;
+struct slap_backend_db;
 
 struct ldapconn {
 	struct slap_conn	*conn;
 	LDAP		*ld;
 	struct berval	cred;
 	struct berval 	bound_dn;
+	struct berval	local_dn;
 	int		bound;
+	ldap_pvt_thread_mutex_t		lc_mutex;
 };
 
 struct ldapmap {
@@ -71,6 +74,7 @@ struct ldapmapping {
 };
 
 struct ldapinfo {
+	struct slap_backend_db	*be;
 	char *url;
 	char *binddn;
 	char *bindpw;
@@ -89,9 +93,9 @@ struct ldapinfo {
 
 struct ldapconn *ldap_back_getconn(struct ldapinfo *li, struct slap_conn *conn,
 	struct slap_op *op);
-int ldap_back_dobind(struct ldapconn *lc, Operation *op);
+int ldap_back_dobind(struct ldapconn *lc, Connection *conn, Operation *op);
 int ldap_back_map_result(int err);
-int ldap_back_op_result(struct ldapconn *lc, Operation *op);
+int ldap_back_op_result(struct ldapconn *lc, Connection *conn, Operation *op);
 int	back_ldap_LTX_init_module(int argc, char *argv[]);
 
 void ldap_back_dn_massage(struct ldapinfo *li, struct berval *dn,
@@ -99,6 +103,7 @@ void ldap_back_dn_massage(struct ldapinfo *li, struct berval *dn,
 
 extern int ldap_back_conn_cmp( const void *c1, const void *c2);
 extern int ldap_back_conn_dup( void *c1, void *c2 );
+extern void ldap_back_conn_free( void *c );
 
 int mapping_cmp (const void *, const void *);
 int mapping_dup (void *, void *);

servers/slapd/back-ldap/bind.c

@@ -77,7 +77,7 @@ ldap_back_bind(
 	if ( op->o_ctrls ) {
 		if ( ldap_set_option( lc->ld, LDAP_OPT_SERVER_CONTROLS,
 					op->o_ctrls ) != LDAP_SUCCESS ) {
-			ldap_back_op_result( lc, op );
+			ldap_back_op_result( lc, conn, op );
 			return( -1 );
 		}
 	}
@@ -114,11 +114,22 @@ ldap_back_bind(
 	ldap_back_dn_massage( li, dn, &mdn, 0, 1 );
 #endif /* !ENABLE_REWRITE */
 
+	if ( lc->bound_dn.bv_val ) {
+		ch_free( lc->bound_dn.bv_val );
+		lc->bound_dn.bv_len = 0;
+		lc->bound_dn.bv_val = NULL;
+	}
+	lc->bound = 0;
 	rc = ldap_bind_s(lc->ld, mdn.bv_val, cred->bv_val, method);
 	if (rc != LDAP_SUCCESS) {
-		rc = ldap_back_op_result( lc, op );
+		rc = ldap_back_op_result( lc, conn, op );
 	} else {
 		lc->bound = 1;
+		if ( mdn.bv_val != dn->bv_val ) {
+			lc->bound_dn = mdn;
+		} else {
+			ber_dupbv( &lc->bound_dn, dn );
+		}
 	}
 
 	if ( li->savecred ) {
@@ -128,14 +139,22 @@ ldap_back_bind(
 		ldap_set_rebind_proc( lc->ld, ldap_back_rebind, lc );
 	}
 
-	if ( lc->bound_dn.bv_val )
+	/* must re-insert if local DN changed as result of bind */
-		ch_free( lc->bound_dn.bv_val );
+	if ( lc->bound && ber_bvcmp(ndn, &lc->local_dn ) ) {
-	if ( mdn.bv_val != dn->bv_val ) {
+		int err;
-		lc->bound_dn = mdn;
+		ldap_pvt_thread_mutex_lock( &li->conn_mutex );
-	} else {
+		lc = avl_delete( &li->conntree, (caddr_t)lc, ldap_back_conn_cmp );
-		ber_dupbv( &lc->bound_dn, dn );
+		if ( lc->local_dn.bv_val )
+			ch_free( lc->local_dn.bv_val );
+		ber_dupbv( &lc->local_dn, ndn );
+		err = avl_insert( &li->conntree, (caddr_t)lc,
+			ldap_back_conn_cmp, ldap_back_conn_dup );
+		ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
+		if ( err == -1 ) {
+			ldap_back_conn_free( lc );
+		}
 	}
-	
+
 	return( rc );
 }
 
@@ -153,8 +172,16 @@ ldap_back_conn_cmp(
 {
 	const struct ldapconn *lc1 = (const struct ldapconn *)c1;
 	const struct ldapconn *lc2 = (const struct ldapconn *)c2;
+	int rc;
 	
-	return ( ( lc1->conn < lc2->conn ) ? -1 : ( ( lc1->conn > lc2-> conn ) ? 1 : 0 ) );
+	/* If local DNs don't match, it is definitely not a match */
+	if ( ( rc = ber_bvcmp( &lc1->local_dn, &lc2->local_dn )) )
+		return rc;
+
+	/* For shared sessions, conn is NULL. Only explicitly
+	 * bound sessions will have non-NULL conn.
+	 */
+	return lc1->conn - lc2->conn;
 }
 
 /*
@@ -172,13 +199,18 @@ ldap_back_conn_dup(
 	struct ldapconn *lc1 = (struct ldapconn *)c1;
 	struct ldapconn *lc2 = (struct ldapconn *)c2;
 
-	return( ( lc1->conn == lc2->conn ) ? -1 : 0 );
+	/* Cannot have more than one shared session with same DN */
+	if ( dn_match( &lc1->local_dn, &lc2->local_dn ) &&
+		 lc1->conn == lc2->conn ) return -1;
+		
+	return 0;
 }
 
 #if PRINT_CONNTREE > 0
 static void ravl_print( Avlnode *root, int depth )
 {
 	int     i;
+	struct ldapconn *lc;
 	
 	if ( root == 0 )
 		return;
@@ -188,7 +220,8 @@ static void ravl_print( Avlnode *root, int depth )
 	for ( i = 0; i < depth; i++ )
 		printf( "   " );
 
-	printf( "c(%ld) %d\n", ((struct ldapconn *) root->avl_data)->conn->c_connid, root->avl_bf );
+	lc = root->avl_data;
+	printf( "lc(%lx) local(%s) conn(%lx) %d\n", lc, lc->local_dn.bv_val, lc->conn, root->avl_bf );
 	
 	ravl_print( root->avl_left, depth+1 );
 }
@@ -212,9 +245,24 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
 {
 	struct ldapconn *lc, lc_curr;
 	LDAP *ld;
+	int is_priv = 0;
 
 	/* Searches for a ldapconn in the avl tree */
-	lc_curr.conn = conn;
+
+	/* Explicit binds must not be shared */
+	if ( op->o_tag == LDAP_REQ_BIND ) {
+		lc_curr.conn = conn;
+	} else {
+		lc_curr.conn = NULL;
+	}
+	
+	/* Internal searches are privileged. So is root. */
+	if ( op->o_do_not_cache || be_isroot( li->be, &op->o_ndn ) ) {
+		lc_curr.local_dn = li->be->be_rootndn;
+		is_priv = 1;
+	} else {
+		lc_curr.local_dn = op->o_ndn;
+	}
 	ldap_pvt_thread_mutex_lock( &li->conn_mutex );
 	lc = (struct ldapconn *)avl_find( li->conntree, 
 		(caddr_t)&lc_curr, ldap_back_conn_cmp );
@@ -237,11 +285,18 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
 		ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &vers);
 
 		lc = (struct ldapconn *)ch_malloc(sizeof(struct ldapconn));
-		lc->conn = conn;
+		lc->conn = lc_curr.conn;
 		lc->ld = ld;
+		ber_dupbv( &lc->local_dn, &lc_curr.local_dn );
 
-		lc->cred.bv_len = 0;
+		if ( is_priv ) {
-		lc->cred.bv_val = NULL;
+			ber_str2bv( li->bindpw, 0, 1, &lc->cred );
+		} else {
+			lc->cred.bv_len = 0;
+			lc->cred.bv_val = NULL;
+		}
+
+		ldap_pvt_thread_mutex_init( &lc->lc_mutex );
 
 #ifdef ENABLE_REWRITE
 		/*
@@ -250,7 +305,7 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
 		( void )rewrite_session_init( li->rwinfo, conn );
 #endif /* ENABLE_REWRITE */
 
-		if ( lc->conn->c_dn.bv_len != 0 ) {
+		if ( conn->c_dn.bv_len != 0 ) {
 			
 			/*
 			 * Rewrite the bind dn if needed
@@ -259,24 +314,24 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
 			lc->bound_dn.bv_val = NULL;
 			lc->bound_dn.bv_len = 0;
 			switch ( rewrite_session( li->rwinfo, "bindDn",
-						lc->conn->c_dn.bv_val, conn,
+						conn->c_dn.bv_val, conn,
 						&lc->bound_dn.bv_val ) ) {
 			case REWRITE_REGEXEC_OK:
 				if ( lc->bound_dn.bv_val == NULL ) {
 					ber_dupbv( &lc->bound_dn,
-							&lc->conn->c_dn );
+							&conn->c_dn );
 				}
 #ifdef NEW_LOGGING
 				LDAP_LOG( BACK_LDAP, DETAIL1, 
 						"[rw] bindDn: \"%s\" ->" 
 						" \"%s\"\n%s",
-						lc->conn->c_dn.bv_val, 
+						conn->c_dn.bv_val, 
 						lc->bound_dn.bv_val, "" );
 #else /* !NEW_LOGGING */
 				Debug( LDAP_DEBUG_ARGS,
 					       	"rw> bindDn: \"%s\" ->"
 						" \"%s\"\n%s",
-						lc->conn->c_dn.bv_val,
+						conn->c_dn.bv_val,
 						lc->bound_dn.bv_val, "" );
 #endif /* !NEW_LOGGING */
 				break;
@@ -298,8 +353,8 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
 
 #else /* !ENABLE_REWRITE */
 			struct berval bv;
-			ldap_back_dn_massage( li, &lc->conn->c_dn, &bv, 0, 1 );
+			ldap_back_dn_massage( li, &conn->c_dn, &bv, 0, 1 );
-			if ( bv.bv_val == lc->conn->c_dn.bv_val ) {
+			if ( bv.bv_val == conn->c_dn.bv_val ) {
 				ber_dupbv( &lc->bound_dn, &bv );
 			} else {
 				lc->bound_dn = bv;
@@ -320,34 +375,34 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
 #if PRINT_CONNTREE > 0
 		myprint( li->conntree );
 #endif /* PRINT_CONNTREE */
-		
+	
 		ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
 
 #ifdef NEW_LOGGING
 		LDAP_LOG( BACK_LDAP, INFO, 
-			"ldap_back_getconn: conn %ld inserted\n", lc->conn->c_connid, 0, 0);
+			"ldap_back_getconn: conn %lx inserted\n", lc, 0, 0);
 #else /* !NEW_LOGGING */
 		Debug( LDAP_DEBUG_TRACE,
-			"=>ldap_back_getconn: conn %ld inserted\n%s%s",
+			"=>ldap_back_getconn: conn %lx inserted\n%s%s",
-			lc->conn->c_connid, "", "" );
+			lc, "", "" );
 #endif /* !NEW_LOGGING */
-		
+	
 		/* Err could be -1 in case a duplicate ldapconn is inserted */
 		if ( err != 0 ) {
+			ldap_back_conn_free( lc );
 			send_ldap_result( conn, op, LDAP_OTHER,
 			NULL, "internal server error", NULL, NULL );
-			/* better destroy the ldapconn struct? */
 			return( NULL );
 		}
 	} else {
 #ifdef NEW_LOGGING
 		LDAP_LOG( BACK_LDAP, INFO, 
-			"ldap_back_getconn: conn %ld inserted\n", 
+			"ldap_back_getconn: conn %lx fetched\n", 
-			lc->conn->c_connid, 0, 0 );
+			lc, 0, 0 );
 #else /* !NEW_LOGGING */
 		Debug( LDAP_DEBUG_TRACE,
-			"=>ldap_back_getconn: conn %ld fetched%s%s\n",
+			"=>ldap_back_getconn: conn %lx fetched%s%s\n",
-			lc->conn->c_connid, "", "" );
+			lc, "", "" );
 #endif /* !NEW_LOGGING */
 	}
 	
@@ -362,26 +417,34 @@ ldap_back_getconn(struct ldapinfo *li, Connection *conn, Operation *op)
  * it can be used to simplify the check.
  */
 int
-ldap_back_dobind( struct ldapconn *lc, Operation *op )
+ldap_back_dobind( struct ldapconn *lc, Connection *conn, Operation *op )
 {	
+	int rc = 0;
+
+	ldap_pvt_thread_mutex_lock( &lc->lc_mutex );
 	if ( op->o_ctrls ) {
 		if ( ldap_set_option( lc->ld, LDAP_OPT_SERVER_CONTROLS,
 				op->o_ctrls ) != LDAP_SUCCESS ) {
-			ldap_back_op_result( lc, op );
+			ldap_back_op_result( lc, conn, op );
-			return( 0 );
+			goto leave;
 		}
 	}
 	
 	if ( lc->bound ) {
-		return( lc->bound );
+		rc = lc->bound;
+		goto leave;
 	}
 
 	if ( ldap_bind_s( lc->ld, lc->bound_dn.bv_val, lc->cred.bv_val, 
 				LDAP_AUTH_SIMPLE ) != LDAP_SUCCESS ) {
-		ldap_back_op_result( lc, op );
+		ldap_back_op_result( lc, conn, op );
-		return( 0 );
+		goto leave;
 	} /* else */
-	return( lc->bound = 1 );
+
+	rc = lc->bound = 1;
+leave:
+	ldap_pvt_thread_mutex_unlock( &lc->lc_mutex );
+	return rc;
 }
 
 /*
@@ -447,13 +510,17 @@ ldap_back_map_result(int err)
 }
 
 int
-ldap_back_op_result(struct ldapconn *lc, Operation *op)
+ldap_back_op_result(struct ldapconn *lc, Connection *conn, Operation *op)
 {
 	int err = LDAP_SUCCESS;
 	char *msg = NULL;
 	char *match = NULL;
 
 	ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER, &err);
+
+	/* internal ops must not reply to client */
+	if ( !conn || op->o_do_not_cache ) goto quiet;
+
 	ldap_get_option(lc->ld, LDAP_OPT_ERROR_STRING, &msg);
 	ldap_get_option(lc->ld, LDAP_OPT_MATCHED_DN, &match);
 	err = ldap_back_map_result(err);
@@ -463,7 +530,7 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op)
 	/*
 	 * FIXME: need rewrite info for match; mmmh ...
 	 */
-	send_ldap_result( lc->conn, op, err, match, msg, NULL, NULL );
+	send_ldap_result( conn, op, err, match, msg, NULL, NULL );
 	/* better test the pointers before freeing? */
 	if ( match ) {
 		free( match );
@@ -471,7 +538,7 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op)
 
 #else /* !ENABLE_REWRITE */
 
-	send_ldap_result( lc->conn, op, err, match, msg, NULL, NULL );
+	send_ldap_result( conn, op, err, match, msg, NULL, NULL );
 	/* better test the pointers before freeing? */
 	if ( match ) {
 		free( match );
@@ -480,6 +547,7 @@ ldap_back_op_result(struct ldapconn *lc, Operation *op)
 #endif /* !ENABLE_REWRITE */
 
 	if ( msg ) free( msg );
+quiet:
 	return( (err==LDAP_SUCCESS) ? 0 : -1 );
 }
 

servers/slapd/back-ldap/compare.c

@@ -61,7 +61,7 @@ ldap_back_compare(
 	struct berval mdn = { 0, NULL };
 
 	lc = ldap_back_getconn(li, conn, op);
-	if (!lc || !ldap_back_dobind( lc, op ) ) {
+	if (!lc || !ldap_back_dobind( lc, conn, op ) ) {
 		return( -1 );
 	}
 
@@ -121,5 +121,5 @@ ldap_back_compare(
 		free( mdn.bv_val );
 	}
 	
-	return( ldap_back_op_result( lc, op ) );
+	return( ldap_back_op_result( lc, conn, op ) );
 }

servers/slapd/back-ldap/delete.c

@@ -61,7 +61,7 @@ ldap_back_delete(
 
 	lc = ldap_back_getconn( li, conn, op );
 	
-	if ( !lc || !ldap_back_dobind( lc, op ) ) {
+	if ( !lc || !ldap_back_dobind( lc, conn, op ) ) {
 		return( -1 );
 	}
 
@@ -103,5 +103,5 @@ ldap_back_delete(
 		free( mdn.bv_val );
 	}
 	
-	return( ldap_back_op_result( lc, op ) );
+	return( ldap_back_op_result( lc, conn, op ) );
 }

servers/slapd/back-ldap/group.c

@@ -33,13 +33,13 @@ ldap_back_group(
 )
 {
 	struct ldapinfo *li = (struct ldapinfo *) be->be_private;    
-	int rc = 1;
+	struct ldapconn *lc;
+	int rc = 1, oc;
 	Attribute   *attr;
 
 	LDAPMessage	*result;
 	char *gattr[2];
 	char *filter = NULL, *ptr;
-	LDAP *ld;
 	struct berval mop_ndn = { 0, NULL }, mgr_ndn = { 0, NULL };
 
 	AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
@@ -170,14 +170,15 @@ ldap_back_group(
 	if (filter == NULL)
 		goto cleanup;
 
-	if (ldap_initialize(&ld, li->url) != LDAP_SUCCESS) {
+	/* Tell getconn this is a privileged op */
-		goto cleanup;
+	oc = op->o_do_not_cache;
-	}
+	op->o_do_not_cache = 1;
-
+	lc = ldap_back_getconn(li, conn, op);
-	if (ldap_bind_s(ld, li->binddn, li->bindpw, LDAP_AUTH_SIMPLE)
+	if ( !lc || !ldap_back_dobind( lc, NULL, op ) ) {
-			!= LDAP_SUCCESS) {
+		op->o_do_not_cache = oc;
 		goto cleanup;
 	}
+	op->o_do_not_cache = oc;
 
 	ptr = lutil_strcopy(filter, "(&(objectclass=");
 	ptr = lutil_strcopy(ptr, group_oc_name.bv_val);
@@ -189,18 +190,15 @@ ldap_back_group(
 
 	gattr[0] = "objectclass";
 	gattr[1] = NULL;
-	if (ldap_search_ext_s(ld, mgr_ndn.bv_val, LDAP_SCOPE_BASE, filter,
+	if (ldap_search_ext_s(lc->ld, mgr_ndn.bv_val, LDAP_SCOPE_BASE, filter,
 		gattr, 0, NULL, NULL, LDAP_NO_LIMIT,
 		LDAP_NO_LIMIT, &result) == LDAP_SUCCESS) {
-		if (ldap_first_entry(ld, result) != NULL)
+		if (ldap_first_entry(lc->ld, result) != NULL)
 			rc = 0;
 		ldap_msgfree(result);
 	}
 
 cleanup:;
-	if ( ld != NULL ) {
-		ldap_unbind(ld);
-	}
 	ch_free(filter);
 	if ( mop_ndn.bv_val != op_ndn->bv_val ) {
 		free( mop_ndn.bv_val );

servers/slapd/back-ldap/init.c

@@ -124,13 +124,14 @@ ldap_back_db_init(
 
 	ldap_back_map_init( &li->at_map, &mapping );
 
+	li->be = be;
 	be->be_private = li;
 
 	return 0;
 }
 
-static void
+void
-conn_free( 
+ldap_back_conn_free( 
 	void *v_lc
 )
 {
@@ -142,6 +143,10 @@ conn_free(
 	if ( lc->cred.bv_val ) {
 		ch_free( lc->cred.bv_val );
 	}
+	if ( lc->local_dn.bv_val ) {
+		ch_free( lc->local_dn.bv_val );
+	}
+	ldap_pvt_thread_mutex_destroy( &lc->lc_mutex );
 	ch_free( lc );
 }
 
@@ -179,7 +184,7 @@ ldap_back_db_destroy(
 			li->bindpw = NULL;
 		}
                 if (li->conntree) {
-			avl_free( li->conntree, conn_free );
+			avl_free( li->conntree, ldap_back_conn_free );
 		}
 #ifdef ENABLE_REWRITE
 		if (li->rwinfo) {

servers/slapd/back-ldap/modify.c

@@ -65,7 +65,7 @@ ldap_back_modify(
 	struct berval mdn = { 0, NULL };
 
 	lc = ldap_back_getconn(li, conn, op);
-	if ( !lc || !ldap_back_dobind( lc, op ) ) {
+	if ( !lc || !ldap_back_dobind( lc, conn, op ) ) {
 		return( -1 );
 	}
 
@@ -170,6 +170,6 @@ cleanup:;
 		ch_free(modv[i]->mod_bvalues);
 	ch_free(mods);
 	ch_free(modv);
-	return( ldap_back_op_result( lc, op ));
+	return( ldap_back_op_result( lc, conn, op ));
 }
 

servers/slapd/back-ldap/modrdn.c

@@ -65,7 +65,7 @@ ldap_back_modrdn(
 	struct berval mdn = { 0, NULL }, mnewSuperior = { 0, NULL };
 
 	lc = ldap_back_getconn( li, conn, op );
-	if ( !lc || !ldap_back_dobind(lc, op) ) {
+	if ( !lc || !ldap_back_dobind(lc, conn, op) ) {
 		return( -1 );
 	}
 
@@ -156,5 +156,5 @@ ldap_back_modrdn(
 		free( mnewSuperior.bv_val );
 	}
 	
-	return( ldap_back_op_result( lc, op ) );
+	return( ldap_back_op_result( lc, conn, op ) );
 }

servers/slapd/back-ldap/search.c

@@ -48,7 +48,7 @@
 #undef ldap_debug	/* silence a warning in ldap-int.h */
 #include "../../../libraries/libldap/ldap-int.h"
 
-static int ldap_send_entry( Backend *be, Operation *op, struct ldapconn *lc,
+static int ldap_send_entry( Backend *be, Operation *op, Connection *conn,
                              LDAPMessage *e, AttributeName *attrs, int attrsonly );
 
 int
@@ -95,7 +95,7 @@ ldap_back_search(
 	 * FIXME: in case of values return filter, we might want
 	 * to map attrs and maybe rewrite value
 	 */
-	if ( !ldap_back_dobind( lc, op ) ) {
+	if ( !ldap_back_dobind( lc, conn, op ) ) {
 		return( -1 );
 	}
 
@@ -264,7 +264,7 @@ ldap_back_search(
 			mapped_attrs, attrsonly);
 	if ( msgid == -1 ) {
 fail:;
-		rc = ldap_back_op_result(lc, op);
+		rc = ldap_back_op_result(lc, conn, op);
 		goto finish;
 	}
 
@@ -291,7 +291,7 @@ fail:;
 
 		} else if (rc == LDAP_RES_SEARCH_ENTRY) {
 			e = ldap_first_entry(lc->ld,res);
-			if ( ldap_send_entry(be, op, lc, e, attrs, attrsonly) 
+			if ( ldap_send_entry(be, op, conn, e, attrs, attrsonly) 
 					== LDAP_SUCCESS ) {
 				count++;
 			}
@@ -425,7 +425,7 @@ static int
 ldap_send_entry(
 	Backend *be,
 	Operation *op,
-	struct ldapconn *lc,
+	Connection *conn,
 	LDAPMessage *e,
 	AttributeName *attrs,
 	int attrsonly
@@ -449,7 +449,7 @@ ldap_send_entry(
 	 * Rewrite the dn of the result, if needed
 	 */
 	switch ( rewrite_session( li->rwinfo, "searchResult",
-				bdn.bv_val, lc->conn, &ent.e_name.bv_val ) ) {
+				bdn.bv_val, conn, &ent.e_name.bv_val ) ) {
 	case REWRITE_REGEXEC_OK:
 		if ( ent.e_name.bv_val == NULL ) {
 			ent.e_name = bdn;
@@ -578,7 +578,7 @@ ldap_send_entry(
 				switch ( rewrite_session( li->rwinfo,
 							"searchResult",
 							bv->bv_val,
-							lc->conn, 
+							conn, 
 							&newval.bv_val )) {
 				case REWRITE_REGEXEC_OK:
 					/* left as is */
@@ -621,7 +621,7 @@ ldap_send_entry(
 		*attrp = attr;
 		attrp = &attr->a_next;
 	}
-	send_search_entry( be, lc->conn, op, &ent, attrs, attrsonly, NULL );
+	send_search_entry( be, conn, op, &ent, attrs, attrsonly, NULL );
 	while (ent.e_attrs) {
 		attr = ent.e_attrs;
 		ent.e_attrs = attr->a_next;

servers/slapd/back-ldap/unbind.c

@@ -64,6 +64,7 @@ ldap_back_conn_destroy(
 #endif /* !NEW_LOGGING */
 
 	lc_curr.conn = conn;
+	lc_curr.local_dn = conn->c_ndn;
 	
 	ldap_pvt_thread_mutex_lock( &li->conn_mutex );
 	lc = avl_delete( &li->conntree, (caddr_t)&lc_curr, ldap_back_conn_cmp );
@@ -92,14 +93,7 @@ ldap_back_conn_destroy(
 		 * and calling ldap_unbind on a corrupted header results
 		 * in a segmentation fault
 		 */
-		ldap_unbind(lc->ld);
+		ldap_back_conn_free( lc );
-		if ( lc->bound_dn.bv_val ) {
-			ch_free( lc->bound_dn.bv_val );
-		}
-		if ( lc->cred.bv_val ) {
-			ch_free( lc->cred.bv_val );
-		}
-		ch_free( lc );
 	}
 
 	/* no response to unbind */