Commit 97217da5 authored by Tero Saarni's avatar Tero Saarni Committed by Quanah Gibson-Mount
Browse files

ITS#9468 back-ldap: Return disconect if rebind cannot be done

parent 6b55a3ba
......@@ -1482,9 +1482,25 @@ retry_lock:;
retry:;
if ( BER_BVISNULL( &lc->lc_cred ) ) {
tmp_dn = "";
/*
* Bind is requested with DN but without credentials.
* This can happen when connection to remote server has been
* lost either due to remote server disconnecting it or due to
* proxy disconnecting it by itself (idle-timeout, conn-ttl).
*/
if ( !BER_BVISNULL( &lc->lc_bound_ndn ) && !BER_BVISEMPTY( &lc->lc_bound_ndn ) ) {
Debug( LDAP_DEBUG_ANY, "%s ldap_back_dobind_int: DN=\"%s\" without creds, binding anonymously",
op->o_log_prefix, lc->lc_bound_ndn.bv_val );
Debug( LDAP_DEBUG_ANY,
"%s ldap_back_dobind_int: DN=\"%s\" connection "
"was re-established but cannot rebind without creds\n",
op->o_log_prefix, lc->lc_bound_ndn.bv_val );
rs->sr_text = "Proxy lost connection to remote server";
rs->sr_err = LDAP_UNAVAILABLE;
if ( sendok & LDAP_BACK_SENDERR ) {
send_ldap_result( op, rs );
}
rs->sr_err = SLAPD_DISCONNECT;
rc = 0;
goto done;
}
} else {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment