From ab46f87224706a7023596b4261cbcc66b5bc037b Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mar 27 2013 16:25:26 +0000
Subject: Ticket 458 - Need to properly check if the password admin dn is set


Bug Description:  We were previously checking if password admin sdn was NULL,
                  which it never is.  So it would always search the database
                  looking for the password admins.

Fix Description:  Call slapi_sdn_get_dn() to see if the DN was actually set.

https://fedorahosted.org/389/ticket/458

Reviewed by: richm(Thanks Rich!)

---

diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index b31c2a8..3bb87d7 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1535,6 +1535,7 @@ pw_get_admin_users(passwdPolicy *pwp)
 	const Slapi_DN *sdn = pwp->pw_admin;
 	char **uniquemember_vals = NULL;
 	char **member_vals = NULL;
+	char *binddn = slapi_sdn_get_dn(sdn);
 	int uniquemember_count = 0;
 	int member_count = 0;
 	int nentries = 0;
@@ -1542,13 +1543,13 @@ pw_get_admin_users(passwdPolicy *pwp)
 	int res;
 	int i;
 
-	if(sdn == NULL){
+	if(binddn == NULL){
 		return;
 	}
 	/*
 	 *  Check if the DN exists and has "group" objectclasses
 	 */
-	slapi_search_internal_set_pb(pb, slapi_sdn_get_dn(sdn), LDAP_SCOPE_BASE,"(|(objectclass=groupofuniquenames)(objectclass=groupofnames))",
+	slapi_search_internal_set_pb(pb, binddn, LDAP_SCOPE_BASE,"(|(objectclass=groupofuniquenames)(objectclass=groupofnames))",
 		NULL, 0, NULL, NULL, (void *) plugin_get_default_component_id(), 0);
 	slapi_search_internal_pb(pb);
 	slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &res);