mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#9468 back-ldap: Return disconect if rebind cannot be done

Browse Source
This commit is contained in:
Tero Saarni 2021-03-05 10:51:28 +02:00 committed by Quanah Gibson-Mount
parent 6b55a3ba1c
commit 97217da5e3
1 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
servers/slapd/back-ldap/bind.c
View File

@ -1482,9 +1482,25 @@ retry_lock:;
retry:;
if ( BER_BVISNULL( &lc->lc_cred ) ) {
tmp_dn = "";
/*
* Bind is requested with DN but without credentials.
* This can happen when connection to remote server has been
* lost either due to remote server disconnecting it or due to
* proxy disconnecting it by itself (idle-timeout, conn-ttl).
*/
if ( !BER_BVISNULL( &lc->lc_bound_ndn ) && !BER_BVISEMPTY( &lc->lc_bound_ndn ) ) {
Debug( LDAP_DEBUG_ANY, "%s ldap_back_dobind_int: DN=\"%s\" without creds, binding anonymously",
op->o_log_prefix, lc->lc_bound_ndn.bv_val );
Debug( LDAP_DEBUG_ANY,
"%s ldap_back_dobind_int: DN=\"%s\" connection "
"was re-established but cannot rebind without creds\n",
op->o_log_prefix, lc->lc_bound_ndn.bv_val );
rs->sr_text = "Proxy lost connection to remote server";
rs->sr_err = LDAP_UNAVAILABLE;
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
}
rs->sr_err = SLAPD_DISCONNECT;
rc = 0;
goto done;
}
} else {