2 files changed, 25 insertions, 15 deletions

diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
index fbc99608a..53c37a358 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
@@ -364,9 +364,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 
         // this returned connection might authenticate as someone other than
         // anonymonus. Reset it to anonymous first before it returns
-        // to the pool.
+        // to the pool.  Do this by calling connect() again on this connection
+        // to avoid doing an explicit anonymous bind
         try {
-            anon.authenticate(null, null);
+            anon.connect(mConnInfo.getHost(), mConnInfo.getPort());
 
             // return conn.
             CMS.debug("returnConn: mNumConns now " + mNumConns);
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
index 4be6bc33b..eb4e3696a 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
@@ -43,8 +43,14 @@ public class LdapAnonConnection extends LDAPConnection {
 
         setOption(LDAPv2.REFERRALS, new Boolean(followReferrals));
 
-        super.connect(connInfo.getVersion(), 
-            connInfo.getHost(), connInfo.getPort(), null, null);
+        if (connInfo.getVersion() == LDAPv2.PROTOCOL_VERSION) {
+            super.connect(connInfo.getVersion(),
+                connInfo.getHost(), connInfo.getPort(), null, null);
+        } else {
+            // use the following connect() call because it connects but does
+            // not authenticate with an anonymous bind.  This requires LDAPv3.
+            super.connect(connInfo.getHost(), connInfo.getPort());
+        }
     }
 
     /**
@@ -54,7 +60,13 @@ public class LdapAnonConnection extends LDAPConnection {
         LDAPSocketFactory fac)
         throws LDAPException {
         super(fac);
-        super.connect(version, host, port, null, null);
+        if (version == LDAPv2.PROTOCOL_VERSION) {
+            super.connect(version, host, port, null, null);
+        } else {
+            // use the following connect() call because it connects but does
+            // not authenticate with an anonymous bind.  This requires LDAPv3.
+            super.connect(host, port);
+        }
     }
 
     /**
@@ -63,16 +75,13 @@ public class LdapAnonConnection extends LDAPConnection {
     public LdapAnonConnection(String host, int port, int version)
         throws LDAPException {
         super();
-        super.connect(version, host, port, null, null);
-    }
-
-    /**
-     * overrides superclass connect. 
-     * does not allow reconnect.
-     */
-    public void connect(String host, int port) throws LDAPException {
-        throw new RuntimeException(
-                "this LdapAnonConnection already connected: connect(h,p)");
+        if (version == LDAPv2.PROTOCOL_VERSION) {
+            super.connect(version, host, port, null, null);
+        } else {
+            // use the following connect() call because it connects but does
+            // not authenticate with an anonymous bind.  This requires LDAPv3.
+            super.connect(host, port);
+        }
     }
 
     /**