We always have to call find_base() in order to force libldap to open
the socket. However, if no base is actually required then there is
no reason to error out if find_base() fails. This condition can arise
when anonymous binds are disabled.
From 7cb7a7da4271101b7ad089d90716a27dd2041c0d Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Mon, 14 Dec 2015 10:12:26 -0500
Subject: [PATCH] Don't error when find_base() fails if a base is not required

We always have to call find_base() in order to force libldap to open
the socket. However, if no base is actually required then there is
no reason to error out if find_base() fails. This condition can arise
when anonymous binds are disabled.
---
 daemons/ipa-otpd/main.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/daemons/ipa-otpd/main.c b/daemons/ipa-otpd/main.c
index a5d1f93ff06783d9139582aba51587f8f6641c29..aebc039bc05e5ddd04de2c0647a1cdb851a1b697 100644
--- a/daemons/ipa-otpd/main.c
+++ b/daemons/ipa-otpd/main.c
@@ -175,12 +175,13 @@ static krb5_error_code setup_ldap(const char *uri, krb5_boolean bind,
 
     /* Always find the base since this forces open the socket. */
     basetmp = find_base(ldp);
-    if (basetmp == NULL)
-        return ENOTCONN;
-    if (base != NULL)
+    if (base != NULL) {
+        if (basetmp == NULL)
+            return ENOTCONN;
         *base = basetmp;
-    else
+    } else {
         free(basetmp);
+    }
 
     /* Set default timeout to just return immediately for async requests. */
     memset(&timeout, 0, sizeof(timeout));
-- 
2.6.4

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to