From 3e9a21ae4e41f1680fc899795f272f80c2d9aef9 Mon Sep 17 00:00:00 2001

From: Mark Reynolds <mreynolds@redhat.com>

Date: Tue, 9 Oct 2012 12:59:48 -0400

Subject: [PATCH 3/5] Ticket #446 - anonymous limits are being applied to

 directory manager

Bug Description:  If you set "anonymous limits" they are incorrectly applied

                  to the root DN

Fix Description:  When a connection is first accepted we set the anonymous limits

                  before we process the bind, because there might not be a bind operation.

                  However, we fail to clear out the resouce limits if the bind DN is

                  the root dn.

https://fedorahosted.org/389/ticket/446

Reviewed by:  richm(Thanks!)

(cherry picked from commit 53e16eda8e2a82a45deb39129bbe839beb036c70)

---

 ldap/servers/slapd/pblock.c |    6 ++++--

 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c

index baee7a7..33559a7 100644

--- a/ldap/servers/slapd/pblock.c

+++ b/ldap/servers/slapd/pblock.c

@@ -3639,7 +3639,7 @@ bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn,

 {

 	/* clear credentials */

 	bind_credentials_clear( conn, PR_FALSE /* conn is already locked */,

-			( extauthtype != NULL ) /* clear external creds. if requested */ );

+		( extauthtype != NULL ) /* clear external creds. if requested */ );

 	/* set primary credentials */

 	slapi_ch_free((void**)&conn->c_authtype);

@@ -3657,7 +3657,6 @@ bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn,

 		conn->c_client_cert = clientcert;

 	}

-

 	/* notify binder-based resource limit subsystem about the change in DN */

 	if ( !conn->c_isroot )

 	{

@@ -3681,5 +3680,8 @@ bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn,

 			slapi_ch_free_string( &anon_dn );

 		}

+	} else {

+		/* For root dn clear about the resource limits */

+		reslimit_update_from_entry( conn, NULL );

 	}

 }

-- 

1.7.7.6