Commit fa1624a2 authored by Howard Chu's avatar Howard Chu Committed by Quanah Gibson-Mount
Browse files

ITS#8142 cleanup prev commit

Only drop connection if user originally bound to this backend,
and rebind-as-user was set. Sessions from other backends would
use idassert-bind so loss of creds doesn't affect them.
parent faef608a
......@@ -1575,7 +1575,12 @@ retry:;
op->o_tag = o_tag;
rs->sr_text = "Proxy can't contact remote server";
send_ldap_result( op, rs );
rs->sr_err = SLAPD_DISCONNECT;
/* if we originally bound and wanted rebind-as-user, must drop
* the connection now because we just discarded the credentials.
* ITS#7464, #8142
*/
if ( LDAP_BACK_SAVECRED( li ) && SLAP_IS_AUTHZ_BACKEND( op ) )
rs->sr_err = SLAPD_DISCONNECT;
}
rc = 0;
......
......@@ -645,7 +645,12 @@ finish:;
ldap_back_release_conn( li, lc );
}
if ( rs->sr_err == LDAP_UNAVAILABLE )
if ( rs->sr_err == LDAP_UNAVAILABLE &&
/* if we originally bound and wanted rebind-as-user, must drop
* the connection now because we just discarded the credentials.
* ITS#7464, #8142
*/
LDAP_BACK_SAVECRED( li ) && SLAP_IS_AUTHZ_BACKEND( op ) )
rs->sr_err = SLAPD_DISCONNECT;
return rs->sr_err;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment