From 4e5c69d170984896edcf90a548b49c71eb6019c1 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Thu, 10 Jun 2010 19:26:51 +0000
Subject: [PATCH] make sure bind credentials are consistent

---
 servers/slapd/back-meta/search.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index ae1a4f64e4..eaa0311729 100644
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -232,6 +232,21 @@ meta_search_dobind_init(
 
 	assert( msc->msc_ld != NULL );
 
+	if ( !BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &cred ) ) {
+		/* bind anonymously? */
+		Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p: "
+			"non-empty dn with empty cred; binding anonymously\n",
+			op->o_log_prefix, candidate, (void *)mc );
+		cred = slap_empty_bv;
+		
+	} else if ( BER_BVISEMPTY( &binddn ) && !BER_BVISEMPTY( &cred ) ) {
+		/* error */
+		Debug( LDAP_DEBUG_ANY, "%s meta_search_dobind_init[%d] mc=%p: "
+			"empty dn with non-empty cred: error\n",
+			op->o_log_prefix, candidate, (void *)mc );
+		goto other;
+	}
+
 	/* connect must be async only the first time... */
 	ldap_set_option( msc->msc_ld, LDAP_OPT_CONNECT_ASYNC, LDAP_OPT_ON );
 
-- 
GitLab