ITS#6711 use idassert TLS conf for priv connection if aclbind not set

2025-01-24 13:24:56 +08:00 · 2011-02-02 20:06:28 +00:00 · 2011-02-02 20:06:28 +00:00 · aec5adac17
commit aec5adac17
parent c9e49778f4
1 changed files with 6 additions and 1 deletions
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@ -710,7 +710,12 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_

 #ifdef HAVE_TLS
 	if ( LDAP_BACK_CONN_ISPRIV( lc ) ) {
-		sb = &li->li_acl;
+		/* See "rationale:" comment in ldap_back_getconn() */
+		if ( BER_BVISNULL( &li->li_acl_authcDN ) &&
+			!BER_BVISNULL( &li->li_idassert_authcDN ) )
+			sb = &li->li_idassert.si_bc;
+		else
+			sb = &li->li_acl;

 	} else if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) {
 		sb = &li->li_idassert.si_bc;