From c62a82b07e1bcc4c795cb5185ee9f16406b05bd9 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 3 Oct 2012 09:12:14 -0700
Subject: [PATCH] ITS#7403, #6296 fix AUTHZ_BACKEND handling

c_authz_cookie should only be set on explicit Bind requests.
---
 servers/slapd/back-ldap/bind.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index b099ae7df1..b7627af8cc 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -1581,7 +1581,6 @@ retry:;
 	rc = ldap_back_op_result( lc, op, rs, msgid,
 		-1, ( sendok | LDAP_BACK_BINDING ) );
 	if ( rc == LDAP_SUCCESS ) {
-		op->o_conn->c_authz_cookie = op->o_bd->be_private;
 		LDAP_BACK_CONN_ISBOUND_SET( lc );
 	}
 
@@ -2411,7 +2410,6 @@ ldap_back_proxy_authz_bind(
 				ber_bvreplace( &lc->lc_bound_ndn, &bv );
 			}
 #endif /* SLAP_AUTH_DN */
-			op->o_conn->c_authz_cookie = op->o_bd->be_private;
 			LDAP_BACK_CONN_ISBOUND_SET( lc );
 			break;
 
@@ -2482,7 +2480,6 @@ ldap_back_proxy_authz_bind(
 		 * so that referral chasing is attempted using the right
 		 * identity */
 		LDAP_BACK_CONN_ISBOUND_SET( lc );
-		op->o_conn->c_authz_cookie = op->o_bd->be_private;
 		if ( !BER_BVISNULL( binddn ) ) {
 			ber_bvreplace( &lc->lc_bound_ndn, binddn );
 		}
-- 
GitLab