Mercurial > dovecot > core-2.2
changeset 18536:5dc00179dd60
ldap auth: If password is already verified (e.g. master user login), skip LDAP auth binding.
This happens only if auth_bind_userdn isn't set, i.e. it only makes sense if
the LDAP DN lookup also returns some extra fields.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 07 May 2015 11:21:33 +0300 |
parents | 34b5abf6b9b7 |
children | 8a3da4ef590f |
files | src/auth/passdb-ldap.c |
diffstat | 1 files changed, 6 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/passdb-ldap.c Thu May 07 00:01:16 2015 +0300 +++ b/src/auth/passdb-ldap.c Thu May 07 11:21:33 2015 +0300 @@ -260,6 +260,12 @@ } else if (res == NULL || passdb_ldap_request->entries != 1) { /* failure */ ldap_bind_lookup_dn_fail(auth_request, passdb_ldap_request, res); + } else if (auth_request->skip_password_check) { + /* we've already verified that the password matched - + we just wanted to get any extra fields */ + passdb_ldap_request->callback. + verify_plain(PASSDB_RESULT_OK, auth_request); + auth_request_unref(&auth_request); } else { /* create a new bind request */ brequest = p_new(auth_request->pool,