- Better LDAP connection support

- Fixed other small bugs

1 files changed, 19 insertions, 6 deletions

diff --git a/daemon/ldap.c b/daemon/ldap.c
index 37ef27a..3befc4b 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -650,6 +650,7 @@ static void save_ldap_connection(ldap_context_t* ctx, LDAP* ld)
   case LDAP_SERVER_DOWN:
   case LDAP_LOCAL_ERROR:
   case LDAP_NO_MEMORY:
+    discard_ldap_connection(ctx, ld);
     break;
 
   default:
@@ -667,13 +668,13 @@ static void save_ldap_connection(ldap_context_t* ctx, LDAP* ld)
 
     break;
   };
+}
 
-  if(ld != NULL)
-  {
-    ldap_unbind_s(ld);
-    ctx->pool_mark--;
-    ha_messagex(LOG_DEBUG, "ldap: discarding connection (total %d)", ctx->pool_mark);
-  }
+static discard_ldap_connection(ldap_context_t* ctx, LDAP* ld)
+{
+  ldap_unbind_s(ld);
+  ctx->pool_mark--;
+  ha_messagex(LOG_DEBUG, "ldap: discarding connection (total %d)", ctx->pool_mark);
 }
 
 static int retrieve_user_entry(ldap_context_t* ctx, const ha_request_t* req, LDAP* ld,
@@ -968,6 +969,18 @@ static int basic_ldap_response(ldap_context_t* ctx, const char* header,
     /* It worked! */
     ha_messagex(LOG_NOTICE, "ldap: validated basic user using bind: %s", basic.user);
     found = 1;
+
+    /* Now we have to rebind the connection back to the main user */
+    r = ldap_simple_bind_s(ld, ctx->user ? ctx->user : "",
+                           ctx->password ? ctx->password : "");
+    if(r != LDAP_SUCCESS)
+    {
+      report_ldap("ldap: couldn't rebind LDAP connection back to auth credentials", r);
+
+      /* Discard the connection since it's useless to us */
+      discard_ldap_connection(ctx, ld);
+      ld = NULL;
+    }
   }