>From 5729040f8032b537a00dfcc832282084d89460ea Mon Sep 17 00:00:00 2001 From: Nathan Kinder Date: Wed, 2 Dec 2009 14:03:47 -0800 Subject: [PATCH 2/2] Bug 201275 - Make SASL EXTERNAL bind obey account lock This patch makes SASL EXTERNAL binds obey the account lock. The previous code was allowing the bind through even if the account was locked. This patch was contributed by Ulf Weltman of Hewlett Packard. --- ldap/servers/slapd/bind.c | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-) diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c index abb027a..79d8c5c 100644 --- a/ldap/servers/slapd/bind.c +++ b/ldap/servers/slapd/bind.c @@ -39,6 +39,7 @@ * Contributors: * Hewlett-Packard Development Company, L.P. * Bugfix for bug #193297 + * Bugfix for bug #201275 * * END COPYRIGHT BLOCK **/ @@ -424,6 +425,17 @@ do_bind( Slapi_PBlock *pb ) goto free_and_return; } + if (!isroot ) { + /* check if the account is locked */ + bind_target_entry = get_entry(pb, pb->pb_conn->c_external_dn); + if ( bind_target_entry != NULL && check_account_lock(pb, bind_target_entry, + pw_response_requested, 0 /*not account_inactivation_only*/ ) == 1) { + /* call postop plugins */ + plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN ); + goto free_and_return; + } + } + /* * copy external credentials into connection structure */ -- 1.6.2.5