1 files changed, 28 insertions, 4 deletions

diff --git a/ldap/servers/slapd/delete.c b/ldap/servers/slapd/delete.c
index 16d92937..fa7dbe39 100644
--- a/ldap/servers/slapd/delete.c
+++ b/ldap/servers/slapd/delete.c
@@ -269,6 +269,10 @@ static void op_shared_delete (Slapi_PBlock *pb)
 	Slapi_Entry	*ecopy = NULL;
 	char errorbuf[BUFSIZ];
 	int				err;
+	char		*proxydn = NULL;
+	char		*proxystr = NULL;
+	int		proxy_err = LDAP_SUCCESS;
+	char		*errtext = NULL;
 
 	slapi_pblock_get(pb, SLAPI_ORIGINAL_TARGET, &dn);
 	slapi_pblock_get(pb, SLAPI_OPERATION, &operation);
@@ -280,24 +284,42 @@ static void op_shared_delete (Slapi_PBlock *pb)
 	/* target spec is used to decide which plugins are applicable for the operation */
 	operation_set_target_spec (operation, &sdn);
 
+	/* get the proxy auth dn if the proxy auth control is present */
+	proxy_err = proxyauth_get_dn(pb, &proxydn, &errtext);
+
 	if (operation_is_flag_set(operation,OP_FLAG_ACTION_LOG_ACCESS))
 	{
+		if (proxydn)
+		{
+			proxystr = slapi_ch_smprintf(" authzid=\"%s\"", proxydn);
+		}
+
 		if (!internal_op )
 		{
-			slapi_log_access(LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d DEL dn=\"%s\"\n",
+			slapi_log_access(LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d DEL dn=\"%s\"%s\n",
 							pb->pb_conn->c_connid, 
 							pb->pb_op->o_opid,
-							escape_string(dn, ebuf));
+							escape_string(dn, ebuf),
+							proxystr ? proxystr: "");
 		}
 		else
 		{
-			slapi_log_access(LDAP_DEBUG_ARGS, "conn=%s op=%d DEL dn=\"%s\"\n",
+			slapi_log_access(LDAP_DEBUG_ARGS, "conn=%s op=%d DEL dn=\"%s\"%s\n",
 							LOG_INTERNAL_OP_CON_ID,
 							LOG_INTERNAL_OP_OP_ID,
-							escape_string(dn, ebuf));
+							escape_string(dn, ebuf),
+							proxystr ? proxystr: "");
 		}
 	}
 
+	/* If we encountered an error parsing the proxy control, return an error
+	 * to the client.  We do this here to ensure that we log the operation first. */
+	if (proxy_err != LDAP_SUCCESS)
+	{
+		send_ldap_result(pb, proxy_err, NULL, errtext, 0, NULL);
+		goto free_and_return;
+	}
+
 	/*
 	 * We could be serving multiple database backends.  Select the
 	 * appropriate one.
@@ -390,4 +412,6 @@ free_and_return:
 	slapi_pblock_get(pb, SLAPI_URP_NAMING_COLLISION_DN, &dn);
 	slapi_ch_free((void **)&dn);
 	slapi_sdn_done(&sdn);
+	slapi_ch_free_string(&proxydn);
+	slapi_ch_free_string(&proxystr);
 }