Fix prev commit, use c_authtype

servers/slapd/backend.c

@@ -1035,7 +1035,7 @@ backend_check_restrictions(
 		if( requires & SLAP_REQUIRE_STRONG ) {
 			/* should check mechanism */
 			if( ( op->o_transport_ssf < ssf->sss_transport
-				&& op->o_authmech.bv_len == 0 ) || op->o_dn.bv_len == 0 )
+				&& op->o_authtype == LDAP_AUTH_SIMPLE ) || op->o_dn.bv_len == 0 )
 			{
 				rs->sr_text = "strong authentication required";
 				rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
@@ -1044,7 +1044,7 @@ backend_check_restrictions(
 		}
 
 		if( requires & SLAP_REQUIRE_SASL ) {
-			if( op->o_authmech.bv_len == 0 || op->o_dn.bv_len == 0 ) {
+			if( op->o_authtype != LDAP_AUTH_SASL || op->o_dn.bv_len == 0 ) {
 				rs->sr_text = "SASL authentication required";
 				rs->sr_err = LDAP_STRONG_AUTH_REQUIRED;
 				return rs->sr_err;

servers/slapd/bind.c

@@ -684,8 +684,11 @@ do_bind(
 #endif /* defined( LDAP_SLAPI ) */
 
 cleanup:
-	if ( rs->sr_err == LDAP_SUCCESS && method != LDAP_AUTH_SASL ) {
-		ber_dupbv( &op->o_conn->c_authmech, &mech );
+	if ( rs->sr_err == LDAP_SUCCESS ) {
+		if ( method != LDAP_AUTH_SASL ) {
+			ber_dupbv( &op->o_conn->c_authmech, &mech );
+		}
+		op->o_conn->c_authtype = method;
 	}
 
 	op->o_conn->c_sasl_bindop = NULL;