From f186dfeab6dad4fdc753cd26c54d189120af17f5 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Wed, 30 Sep 2009 02:29:31 +0000
Subject: [PATCH] ITS#6296

---
 CHANGES                        | 1 +
 servers/slapd/back-ldap/bind.c | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/CHANGES b/CHANGES
index 0eb7d30380..b70cfcead3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,7 @@ OpenLDAP 2.4.19 Engineering
 	Fixed slapd acl cache (ITS#6287)
 	Fixed slapd tools to allow -n for conversion (ITS#6258)
 	Fixed slapd-ldap with null timeouts (ITS#6282)
+	Fixed slapd-ldap with strong binds with relay/translucent (ITS#6296)
 	Fixed slapd-ldif buffer overflow (ITS#6303)
 	Fixed slapo-auditlog comments when modifying (ITS#6286)
 	Fixed slapo-dynlist lock leak (ITS#6308)
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 0e06262639..8e74ad01d6 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -277,6 +277,8 @@ retry:;
 	ldap_back_controls_free( op, rs, &ctrls );
 
 	if ( rc == LDAP_SUCCESS ) {
+		op->o_conn->c_authz_cookie = op->o_bd->be_private;
+
 		/* If defined, proxyAuthz will be used also when
 		 * back-ldap is the authorizing backend; for this
 		 * purpose, after a successful bind the connection
@@ -1523,6 +1525,7 @@ retry:;
 	rc = ldap_back_op_result( lc, op, rs, msgid,
 		-1, ( sendok | LDAP_BACK_BINDING ) );
 	if ( rc == LDAP_SUCCESS ) {
+		op->o_conn->c_authz_cookie = op->o_bd->be_private;
 		LDAP_BACK_CONN_ISBOUND_SET( lc );
 	}
 
@@ -2249,6 +2252,7 @@ ldap_back_proxy_authz_bind(
 		 * so that referral chasing is attempted using the right
 		 * identity */
 		LDAP_BACK_CONN_ISBOUND_SET( lc );
+		op->o_conn->c_authz_cookie = op->o_bd->be_private;
 		if ( !BER_BVISNULL( binddn ) ) {
 			ber_bvreplace( &lc->lc_bound_ndn, binddn );
 		}
-- 
GitLab