From b6a06b66862de05d9e9ce37c1f858590b10eb45b Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Oct 10 2012 23:07:14 +0000 Subject: Ticket #446 - anonymous limits are being applied to directory manager Bug Description: If you set "anonymous limits" they are incorrectly applied to the root DN Fix Description: When a connection is first accepted we set the anonymous limits before we process the bind, because there might not be a bind operation. However, we fail to clear out the resouce limits if the bind DN is the root dn. https://fedorahosted.org/389/ticket/446 Reviewed by: richm(Thanks!) (cherry picked from commit 53e16eda8e2a82a45deb39129bbe839beb036c70) --- diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c index baee7a7..33559a7 100644 --- a/ldap/servers/slapd/pblock.c +++ b/ldap/servers/slapd/pblock.c @@ -3639,7 +3639,7 @@ bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn, { /* clear credentials */ bind_credentials_clear( conn, PR_FALSE /* conn is already locked */, - ( extauthtype != NULL ) /* clear external creds. if requested */ ); + ( extauthtype != NULL ) /* clear external creds. if requested */ ); /* set primary credentials */ slapi_ch_free((void**)&conn->c_authtype); @@ -3657,7 +3657,6 @@ bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn, conn->c_client_cert = clientcert; } - /* notify binder-based resource limit subsystem about the change in DN */ if ( !conn->c_isroot ) { @@ -3681,5 +3680,8 @@ bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn, slapi_ch_free_string( &anon_dn ); } + } else { + /* For root dn clear about the resource limits */ + reslimit_update_from_entry( conn, NULL ); } }