authorAde Lee <alee@redhat.com>2012-08-31 16:17:48 -0400
committerAde Lee <alee@redhat.com>2012-08-31 16:26:05 -0400
commit36627bf3c66720a40761f247d7b8a3da3da2c554 (patch)
tree44bec5f162565ebc5b1b6313861740c51e469c80
parente9ab0ec12bc7e22857850a6a183df825154971d4 (diff)
Fixed anon connection factory to make no anonymous binds
This allows the server to come up with a DS where anonymous binds are turned off.
-rw-r--r--base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java5
-rw-r--r--base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java33
2 files changed, 24 insertions, 14 deletions
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
index 79f2e91c4..dfc974e0b 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
@@ -365,9 +365,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
// this returned connection might authenticate as someone other than
// anonymonus. Reset it to anonymous first before it returns
- // to the pool.
+ // to the pool. Do this by calling connect() again on this connection
+ // to avoid doing an explicit anonymous bind
try {
- anon.authenticate(null, null);
+ anon.connect(mConnInfo.getHost(), mConnInfo.getPort());
// return conn.
CMS.debug("returnConn: mNumConns now " + mNumConns);
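Review bot: Nothing after `anon.connect(mConnInfo.getHost(), mConnInfo.getPort())` confirms that the borrower's bind is actually gone before the connection goes back to the pool. The old `authenticate(null, null)` reset the identity explicitly, whereas the new call relies on the SDK closing the existing session when connect() is invoked on a live connection, which this hunk does not show. A cheap guard right after the connect would be `if (anon.isAuthenticated()) { /* disconnect and drop instead of pooling */ }`, and the comment should state that the reset works by reconnecting, so every return costs a new connection. The catch for this try block is outside the hunk, so it is not visible whether a failed reconnect still returns the connection to the pool.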
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
index f99705e84..52cdc4b1e 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
@@ -48,8 +48,14 @@ public class LdapAnonConnection extends LDAPConnection {
setOption(LDAPv2.REFERRALS, Boolean.valueOf(followReferrals));
- super.connect(connInfo.getVersion(),
+ if (connInfo.getVersion() == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(connInfo.getVersion(),
connInfo.getHost(), connInfo.getPort(), null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(connInfo.getHost(), connInfo.getPort());
+ }
}
/**
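Review bot: The new else branch drops `connInfo.getVersion()` entirely, so it runs for every value other than `LDAPv2.PROTOCOL_VERSION` and leaves the protocol version to whatever the SDK defaults to; the same applies to the two other constructors changed further down. On the v2 branch the `null, null` connect still performs the anonymous bind, so a directory with anonymous binds disabled will presumably still reject it, which deserves a line in the comment or a log message. The three copies of this branch would be easier to keep consistent as one private helper called from each constructor, as sketched below. The first constructor starts above this hunk.

```java
// … unchanged: setOption(LDAPv2.REFERRALS, …) …
connectWithoutBind(connInfo.getVersion(), connInfo.getHost(), connInfo.getPort());

/**
 * Connects without an explicit anonymous bind where the protocol allows it.
 * LDAPv2 has no unbound session, so that path still binds anonymously and
 * will fail against a directory that has anonymous binds turned off.
 */
private void connectWithoutBind(int version, String host, int port)
        throws LDAPException {
    if (version == LDAPv2.PROTOCOL_VERSION) {
        CMS.debug("LdapAnonConnection: LDAPv2 requested, anonymous bind is still sent");
        super.connect(version, host, port, null, null);
    } else {
        // NOTE(review): version is not passed here; confirm the SDK default is v3
        super.connect(host, port);
    }
}
```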
@@ -59,7 +65,13 @@ public class LdapAnonConnection extends LDAPConnection {
LDAPSocketFactory fac)
throws LDAPException {
super(fac);
- super.connect(version, host, port, null, null);
+ if (version == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(version, host, port, null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(host, port);
+ }
}
/**
@@ -68,16 +80,13 @@ public class LdapAnonConnection extends LDAPConnection {
public LdapAnonConnection(String host, int port, int version)
throws LDAPException {
super();
- super.connect(version, host, port, null, null);
- }
-
- /**
- * overrides superclass connect.
- * does not allow reconnect.
- */
- public void connect(String host, int port) throws LDAPException {
- throw new RuntimeException(
- "this LdapAnonConnection already connected: connect(h,p)");
+ if (version == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(version, host, port, null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(host, port);
+ }
}
/**
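Review bot: Removing the `connect(String, int)` override drops the guard that stopped callers from re-pointing a pooled connection, and nothing visible here limits the newly inherited method to the factory. Any code holding a borrowed LdapAnonConnection can now call connect() with an arbitrary host and port; the factory's returnConn reconnects to mConnInfo, but only once the connection is returned. I would add a class-level comment such as `// connect(host, port) is inherited on purpose so the factory can reset the session without an anonymous bind; callers must not use it to change the target server`. If other connect overloads in this class still throw (they are outside this hunk), their Javadoc should explain why this one alone is open.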