mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-24 13:24:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

don't idassert anonymous unless explicitly configured (ITS#4272)

Browse Source
This commit is contained in:
Pierangelo Masarati 2005-12-20 20:43:14 +00:00
parent 8346de462b
commit 8c2ceeb605
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
servers/slapd/back-ldap/bind.c
View File

@ -1032,7 +1032,22 @@ ldap_back_proxy_authz_bind( ldapconn_t *lc, Operation *op, SlapReply *rs )
default:
/* NOTE: rootdn can always idassert */
if ( li->li_idassert_authz && !be_isroot( op ) ) {
if ( BER_BVISNULL( &ndn ) && li->li_idassert_authz == NULL ) {
if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
rs->sr_err = LDAP_INAPPROPRIATE_AUTH;
send_ldap_result( op, rs );
LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
} else {
rs->sr_err = LDAP_SUCCESS;
binddn = slap_empty_bv;
bindcred = slap_empty_bv;
break;
}
goto done;
} else if ( li->li_idassert_authz && !be_isroot( op ) ) {
struct berval authcDN;
if ( BER_BVISNULL( &ndn ) ) {