From 36627bf3c66720a40761f247d7b8a3da3da2c554 Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Fri, 31 Aug 2012 16:17:48 -0400
Subject: Fixed anon connection factory to make no anonymous binds
This allow server to come up with DS where anon binds are turned off.
---
 .../cmscore/ldapconn/LdapAnonConnFactory.java | 5 ++--
 .../cmscore/ldapconn/LdapAnonConnection.java | 33 ++++++++++++++--------
 2 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
index 79f2e91c4..dfc974e0b 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
@@ -365,9 +365,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 // this returned connection might authenticate as someone other than
 // anonymonus. Reset it to anonymous first before it returns
- // to the pool.
+ // to the pool. Do this by calling connect() again on this connection
+ // to avoid doing an explicit anonymous bind
 try {
- anon.authenticate(null, null);
+ anon.connect(mConnInfo.getHost(), mConnInfo.getPort());
 // return conn.
 CMS.debug("returnConn: mNumConns now " + mNumConns);
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
index f99705e84..52cdc4b1e 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
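Review bot: In the LdapAnonConnFactory hunk, the pool's guarantee that a returned connection no longer carries the borrower's bind now rests entirely on `anon.connect(mConnInfo.getHost(), mConnInfo.getPort())` tearing down the existing session, and the comment does not say so. If the SDK's connect() does not drop an already-open connection, or if it throws, a connection still bound as another identity could go back into the pool; the catch clause is outside this hunk, so confirm that it discards the connection rather than pooling it. I would extend the comment with `// connect() must replace the existing session; on failure discard this connection, never pool it`. The call is also made for every protocol version, whereas the LdapAnonConnection constructors changed in this commit keep the explicit bind for LDAPv2. The try block continues outside the hunk.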
@@ -48,8 +48,14 @@ public class LdapAnonConnection extends LDAPConnection {
 setOption(LDAPv2.REFERRALS, Boolean.valueOf(followReferrals));
- super.connect(connInfo.getVersion(),
+ if (connInfo.getVersion() == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(connInfo.getVersion(),
 connInfo.getHost(), connInfo.getPort(), null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(connInfo.getHost(), connInfo.getPort());
+ }
 }
 /**
@@ -59,7 +65,13 @@ public class LdapAnonConnection extends LDAPConnection {
 LDAPSocketFactory fac) throws LDAPException {
 super(fac);
- super.connect(version, host, port, null, null);
+ if (version == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(version, host, port, null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(host, port);
+ }
 }
 /**
@@ -68,16 +80,13 @@ public class LdapAnonConnection extends LDAPConnection {
 public LdapAnonConnection(String host, int port, int version) throws LDAPException {
 super();
- super.connect(version, host, port, null, null);
- }
-
- /**
- * overrides superclass connect.
- * does not allow reconnect.
- */
- public void connect(String host, int port) throws LDAPException {
- throw new RuntimeException(
- "this LdapAnonConnection already connected: connect(h,p)");
+ if (version == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(version, host, port, null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(host, port);
+ }
 }
 /**
-- cgit
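Review bot: The new test `connInfo.getVersion() == LDAPv2.PROTOCOL_VERSION` in the -48,8 hunk compares a protocol version with what appears to be an option identifier: `LDAPv2.REFERRALS` from the same interface is passed to `setOption` as an option key one line earlier, and in the Mozilla LDAP SDK `PROTOCOL_VERSION` is likewise a key for `setOption`/`getOption`, not the number 2. If that holds, the LDAPv2 branch is never taken and every connection, including one configured for v2, is opened without a bind. Compare with the version number instead, e.g. `if (connInfo.getVersion() == 2) {`, here and in the two constructors changed at -59,7 and -68,16; since the same if/else is repeated three times, a private helper taking `(version, host, port)` would keep the copies from diverging. The constructor body begins outside the hunk.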
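Review bot: Deleting the `connect(String host, int port)` override in the -68,16 hunk removes the only visible guard against re-pointing an already-open anonymous connection: any code that borrows one from the pool can now call the inherited public `connect(host, port)` with a different host. The factory needs the method for its reset, so the override cannot simply stay, but the class Javadoc should state the new contract, for example `Callers other than LdapAnonConnFactory must not call connect() on a pooled connection.` Whether other connect() overloads are still overridden cannot be seen from this hunk.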