ITS#5440

CHANGES

@@ -25,6 +25,7 @@ OpenLDAP 2.4.9 Engineering
 	Fixed slapd-bdb entryinfo state if db_lock fails (ITS#5455)
 	Fixed slapd-config attribute publishing (ITS#5383)
 	Fixed slapd-ldap connection handler (ITS#5404)
+	Fixed slapd-meta connections on error (ITS#5440)
 	Fixed slapo-auditlog unnecessary syscall (ITS#5441)
 	Fixed slapo-refint dnSubtreeMatch (ITS#5427)
 	Fixed slapo-refint global referential integrity (ITS#5428)

doc/man/man5/slapd-meta.5

@@ -139,11 +139,12 @@ If set before any target specification, it affects all targets, unless
 overridden by any per-target directive.
 
 .TP
-.B pseudoroot-bind-defer {NO|yes}
+.B pseudoroot-bind-defer {YES|no}
 This directive, when set to 
 .BR yes ,
 causes the authentication to the remote servers with the pseudo-root
 identity to be deferred until actually needed by subsequent operations.
+Otherwise, all binds as the rootdn are propagated to the targets.
 
 .TP
 .B quarantine <interval>,<num>[;<interval>,<num>[...]]

servers/slapd/back-meta/config.c

@@ -802,7 +802,7 @@ meta_back_db_config(
 	{
 		if ( argc != 2 ) {
 			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\" takes 1 argument\n",
+	"%s: line %d: \"[pseudo]root-bind-defer {TRUE|false}\" takes 1 argument\n",
 				fname, lineno, 0 );
 			return( 1 );
 		}
@@ -818,7 +818,7 @@ meta_back_db_config(
 
 		default:
 			Debug( LDAP_DEBUG_ANY,
-	"%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
+	"%s: line %d: \"[pseudo]root-bind-defer {TRUE|false}\": invalid arg \"%s\".\n",
 				fname, lineno, argv[ 1 ] );
 			return 1;
 		}

servers/slapd/back-meta/init.c

@@ -99,6 +99,10 @@ meta_back_db_init(
  		return -1;
  	}
 
+	/* set default flags */
+	mi->mi_flags =
+		META_BACK_F_DEFER_ROOTDN_BIND;
+
 	/*
 	 * At present the default is no default target;
 	 * this may change