authorAde Lee <alee@redhat.com>2012-08-31 16:17:48 -0400
committerAde Lee <alee@redhat.com>2012-08-31 16:34:54 -0400
commitdda4c6701e0a48a4f3da8387a6c4562f59038292 (patch)
tree0d23f52f1f95bcc987739a5b7abfd783275efe4b
parentd579bbca2658871dddedb00b3a40e71373734e9a (diff)
Fixed anon connection factory to make no anonymous binds
This allows the server to come up with a DS where anonymous binds are turned off.
-rw-r--r--base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java5
-rw-r--r--base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java35
2 files changed, 25 insertions, 15 deletions
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
index fbc99608a..53c37a358 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
@@ -364,9 +364,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
// this returned connection might authenticate as someone other than
// anonymonus. Reset it to anonymous first before it returns
- // to the pool.
+ // to the pool. Do this by calling connect() again on this connection
+ // to avoid doing an explicit anonymous bind
try {
- anon.authenticate(null, null);
+ anon.connect(mConnInfo.getHost(), mConnInfo.getPort());
// return conn.
CMS.debug("returnConn: mNumConns now " + mNumConns);
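Review bot: The identity reset on return now depends entirely on `anon.connect(mConnInfo.getHost(), mConnInfo.getPort())` tearing down the session that may have been bound as another user, and nothing in the hunk shows what happens to the connection if that call throws. The catch block of this try lies outside the hunk, so it should be confirmed that a connection whose reconnect failed is discarded rather than put back in the pool still carrying the previous bind. The new comment could state that assumption explicitly, for example `// connect() must drop the existing session; on failure the connection must not be pooled`. Unlike the constructors in LdapAnonConnection, this path does not branch on the protocol version, so an LDAPv2 configuration is reset without the bind that the constructors still perform for v2.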
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
index 4be6bc33b..eb4e3696a 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
@@ -43,8 +43,14 @@ public class LdapAnonConnection extends LDAPConnection {
setOption(LDAPv2.REFERRALS, new Boolean(followReferrals));
- super.connect(connInfo.getVersion(),
- connInfo.getHost(), connInfo.getPort(), null, null);
+ if (connInfo.getVersion() == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(connInfo.getVersion(),
+ connInfo.getHost(), connInfo.getPort(), null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(connInfo.getHost(), connInfo.getPort());
+ }
}
/**
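Review bot: The test `connInfo.getVersion() == LDAPv2.PROTOCOL_VERSION` looks like it compares a protocol version number with an option identifier. The `LDAPv2` constants are used as option keys, as in `setOption(LDAPv2.REFERRALS, ...)` on the line above, and as far as I know `PROTOCOL_VERSION` is the key for the version option rather than the value 2. If that holds, the v2 branch is never taken and every connection goes through `super.connect(host, port)`; comparing against the literal version, `if (connInfo.getVersion() == 2)`, or a named constant for it, would match the intent of the comment. The same condition is repeated in the two other constructors changed in this file (`version == LDAPv2.PROTOCOL_VERSION`), and the else branch drops the requested version in all three, so it is worth confirming which protocol version the connection ends up using. The three identical branches could move into one private helper.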
@@ -54,7 +60,13 @@ public class LdapAnonConnection extends LDAPConnection {
LDAPSocketFactory fac)
throws LDAPException {
super(fac);
- super.connect(version, host, port, null, null);
+ if (version == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(version, host, port, null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(host, port);
+ }
}
/**
@@ -63,16 +75,13 @@ public class LdapAnonConnection extends LDAPConnection {
public LdapAnonConnection(String host, int port, int version)
throws LDAPException {
super();
- super.connect(version, host, port, null, null);
- }
-
- /**
- * overrides superclass connect.
- * does not allow reconnect.
- */
- public void connect(String host, int port) throws LDAPException {
- throw new RuntimeException(
- "this LdapAnonConnection already connected: connect(h,p)");
+ if (version == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(version, host, port, null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(host, port);
+ }
}
/**
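Review bot: Removing the `connect(String host, int port)` override, which used to throw, leaves the inherited public `connect()` callable by any code that borrows a pooled connection, and nothing visible here restricts the host or port it is given. The factory needs the reconnect for its reset on return, so the removal is understandable, but the class no longer documents what callers may do with it. A class-level or constructor comment would record the new contract, for example `// reconnect is permitted only so the factory can reset the connection on return; callers must not retarget it`. Whether the class Javadoc still says reconnects are disallowed cannot be seen from this hunk.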