2 files changed, 24 insertions, 14 deletions

diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
index 79f2e91c4..dfc974e0b 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
@@ -365,9 +365,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 
         // this returned connection might authenticate as someone other than
         // anonymonus. Reset it to anonymous first before it returns
-        // to the pool.
+        // to the pool.  Do this by calling connect() again on this connection
+        // to avoid doing an explicit anonymous bind
         try {
-            anon.authenticate(null, null);
+            anon.connect(mConnInfo.getHost(), mConnInfo.getPort());
 
             // return conn.
             CMS.debug("returnConn: mNumConns now " + mNumConns);
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
index f99705e84..52cdc4b1e 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
@@ -48,8 +48,14 @@ public class LdapAnonConnection extends LDAPConnection {
 
         setOption(LDAPv2.REFERRALS, Boolean.valueOf(followReferrals));
 
-        super.connect(connInfo.getVersion(),
+        if (connInfo.getVersion() == LDAPv2.PROTOCOL_VERSION) {
+            super.connect(connInfo.getVersion(),
                 connInfo.getHost(), connInfo.getPort(), null, null);
+        } else {
+            // use the following connect() call because it connects but does
+            // not authenticate with an anonymous bind.  This requires LDAPv3.
+            super.connect(connInfo.getHost(), connInfo.getPort());
+        }
     }
 
     /**
@@ -59,7 +65,13 @@ public class LdapAnonConnection extends LDAPConnection {
             LDAPSocketFactory fac)
             throws LDAPException {
         super(fac);
-        super.connect(version, host, port, null, null);
+        if (version == LDAPv2.PROTOCOL_VERSION) {
+            super.connect(version, host, port, null, null);
+        } else {
+            // use the following connect() call because it connects but does
+            // not authenticate with an anonymous bind.  This requires LDAPv3.
+            super.connect(host, port);
+        }
     }
 
     /**
@@ -68,16 +80,13 @@ public class LdapAnonConnection extends LDAPConnection {
     public LdapAnonConnection(String host, int port, int version)
             throws LDAPException {
         super();
-        super.connect(version, host, port, null, null);
-    }
-
-    /**
-     * overrides superclass connect.
-     * does not allow reconnect.
-     */
-    public void connect(String host, int port) throws LDAPException {
-        throw new RuntimeException(
-                "this LdapAnonConnection already connected: connect(h,p)");
+        if (version == LDAPv2.PROTOCOL_VERSION) {
+            super.connect(version, host, port, null, null);
+        } else {
+            // use the following connect() call because it connects but does
+            // not authenticate with an anonymous bind.  This requires LDAPv3.
+            super.connect(host, port);
+        }
     }
 
     /**