changeset 20848:89c2722e9bd1

auth: Fix default SASL bind for LDAP. A user may configure Dovecot to use SASL bind as the default bind method. This can be the case when ldapi:/// (or ldaps:///) with SASL EXTERNAL is used. Currently, Dovecot returns the LDAP connection to the wrong bind state after the first successful auth bind: an LDAP simple bind is always used to rebind. This may break setups where the ACL in LDAP is configured not to allow search/bind for such a simple bind.
author Matwey V. Kornilov <matwey.kornilov@gmail.com>
date Wed, 21 Sep 2016 10:55:47 +0300
parents 4a5429a7c7c4
children 4a52d8ab0240
files src/auth/db-ldap.c
diffstat 1 files changed, 17 insertions(+), 8 deletions(-) [+]
--- a/src/auth/db-ldap.c	Wed Sep 21 10:50:02 2016 +0300
+++ b/src/auth/db-ldap.c	Wed Sep 21 10:55:47 2016 +0300
@@ -1027,7 +1027,7 @@
 }
 #endif
 
-static int db_ldap_bind(struct ldap_connection *conn)
+static int db_ldap_bind_simple(struct ldap_connection *conn)
 {
 	int msgid;
 
@@ -1056,6 +1056,19 @@
 	return 0;
 }
 
+static int db_ldap_bind(struct ldap_connection *conn)
+{
+	if (conn->set.sasl_bind) {
+		if (db_ldap_bind_sasl(conn) < 0)
+			return -1;
+	} else {
+		if (db_ldap_bind_simple(conn) < 0)
+			return -1;
+	}
+
+	return 0;
+}
+
 static void db_ldap_get_fd(struct ldap_connection *conn)
 {
 	int ret;
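Review bot: db_ldap_bind now encapsulates the choice of default bind method, but nothing at its definition records that every bind and rebind of the connection must go through it rather than db_ldap_bind_simple, which per the description is exactly the mistake this commit fixes. Suggest a comment above the function: `/* Bind with the configured default method: SASL when sasl_bind is set, simple bind otherwise. Every (re)bind must use this so the connection returns to its configured state. */`. The rebind call site after a successful auth bind is not in any visible hunk; presumably it already called db_ldap_bind and now inherits the dispatch, but that is worth confirming against the rest of db-ldap.c. The nested if/else could also be flattened to `return conn->set.sasl_bind ? db_ldap_bind_sasl(conn) : db_ldap_bind_simple(conn);` if both callees already return only 0 or -1, which the hunk does not show.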
@@ -1228,13 +1241,9 @@
 #endif
 	}
 
-	if (conn->set.sasl_bind) {
-		if (db_ldap_bind_sasl(conn) < 0)
-			return -1;
-	} else {
-		if (db_ldap_bind(conn) < 0)
-			return -1;
-	}
+	if (db_ldap_bind(conn) < 0)
+		return -1;
+
 	if (debug) {
 		if (gettimeofday(&end, NULL) == 0) {
 			int msecs = timeval_diff_msecs(&end, &start);