changeset 18536:5dc00179dd60

ldap auth: If password is already verified (e.g. master user login), skip LDAP auth binding. This happens only if auth_bind_userdn isn't set, i.e. it only makes sense if the LDAP DN lookup also returns some extra fields.
author Timo Sirainen <tss@iki.fi>
date Thu, 07 May 2015 11:21:33 +0300
parents 34b5abf6b9b7
children 8a3da4ef590f
files src/auth/passdb-ldap.c
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
--- a/src/auth/passdb-ldap.c	Thu May 07 00:01:16 2015 +0300
+++ b/src/auth/passdb-ldap.c	Thu May 07 11:21:33 2015 +0300
@@ -260,6 +260,12 @@
 	} else if (res == NULL || passdb_ldap_request->entries != 1) {
 		/* failure */
 		ldap_bind_lookup_dn_fail(auth_request, passdb_ldap_request, res);
+	} else if (auth_request->skip_password_check) {
+		/* we've already verified that the password matched -
+		   we just wanted to get any extra fields */
+		passdb_ldap_request->callback.
+			verify_plain(PASSDB_RESULT_OK, auth_request);
+		auth_request_unref(&auth_request);
 	} else {
 		/* create a new bind request */
 		brequest = p_new(auth_request->pool,
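Review bot: The new `skip_password_check` branch reports `PASSDB_RESULT_OK` without binding as the user, so any directory policy enforced at bind time (account lockout, password expiry) is presumably not applied on this path, and the comment does not say so. The result is only as trustworthy as the code that sets `auth_request->skip_password_check`, which is not visible in this hunk. If the invariant is what the commit message describes, I would state it in the comment, e.g. `/* skip_password_check is set by the auth core only after it has verified the credentials itself (e.g. master user login); no bind is done here, so bind-time LDAP policy is not enforced */`. A debug-level log line in this branch noting that the bind was skipped would also let an audit tell these logins apart from bound ones. The enclosing callback begins and ends outside the hunk.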