From dda4c6701e0a48a4f3da8387a6c4562f59038292 Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Fri, 31 Aug 2012 16:17:48 -0400
Subject: Fixed anon connection factory to make no anonymous binds
This allow server to come up with DS where anon binds are turned off.
---
 .../cmscore/ldapconn/LdapAnonConnFactory.java | 5 ++--
 .../cmscore/ldapconn/LdapAnonConnection.java | 35 ++++++++++++++--------
 2 files changed, 25 insertions(+), 15 deletions(-)
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
index fbc99608a..53c37a358 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
@@ -364,9 +364,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 // this returned connection might authenticate as someone other than
 // anonymonus. Reset it to anonymous first before it returns
- // to the pool.
+ // to the pool. Do this by calling connect() again on this connection
+ // to avoid doing an explicit anonymous bind
 try {
- anon.authenticate(null, null);
+ anon.connect(mConnInfo.getHost(), mConnInfo.getPort());
 // return conn.
 CMS.debug("returnConn: mNumConns now " + mNumConns);
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
index 4be6bc33b..eb4e3696a 100644
--- a/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
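Review bot: In the LdapAnonConnFactory hunk, dropping the borrower's identity now depends on a property of `anon.connect(host, port)` that the new comment does not state: on an already-open connection it has to close the old session, otherwise the connection returns to the pool still bound as whoever last authenticated on it. The `try` body and its catch continue outside the hunk, so it is not visible what happens when the reconnect throws; a connection that could not be reset should be discarded rather than pooled. I would make the assumption checked instead of implied, by testing `anon.isAuthenticated()` right after the connect call and refusing to pool the connection if it is still true. The comment could also say that every return now costs a fresh TCP (and, with an SSL socket factory, TLS) handshake, e.g. `// connect() closes the current session and opens a new, unbound one; this drops any user bind at the cost of a reconnect`.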
@@ -43,8 +43,14 @@ public class LdapAnonConnection extends LDAPConnection {
 setOption(LDAPv2.REFERRALS, new Boolean(followReferrals));
- super.connect(connInfo.getVersion(),
- connInfo.getHost(), connInfo.getPort(), null, null);
+ if (connInfo.getVersion() == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(connInfo.getVersion(),
+ connInfo.getHost(), connInfo.getPort(), null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(connInfo.getHost(), connInfo.getPort());
+ }
 }
 /**
@@ -54,7 +60,13 @@ public class LdapAnonConnection extends LDAPConnection {
 LDAPSocketFactory fac) throws LDAPException {
 super(fac);
- super.connect(version, host, port, null, null);
+ if (version == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(version, host, port, null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(host, port);
+ }
 }
 /**
@@ -63,16 +75,13 @@ public class LdapAnonConnection extends LDAPConnection {
 public LdapAnonConnection(String host, int port, int version) throws LDAPException {
 super();
- super.connect(version, host, port, null, null);
- }
-
- /**
- * overrides superclass connect.
- * does not allow reconnect.
- */
- public void connect(String host, int port) throws LDAPException {
- throw new RuntimeException(
- "this LdapAnonConnection already connected: connect(h,p)");
+ if (version == LDAPv2.PROTOCOL_VERSION) {
+ super.connect(version, host, port, null, null);
+ } else {
+ // use the following connect() call because it connects but does
+ // not authenticate with an anonymous bind. This requires LDAPv3.
+ super.connect(host, port);
+ }
 }
 /**
-- cgit
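Review bot: The test `connInfo.getVersion() == LDAPv2.PROTOCOL_VERSION` in the first LdapAnonConnection hunk looks like it compares a protocol number with an option key. The context line just above it uses `LDAPv2.REFERRALS` as a `setOption` identifier, and as far as I know `LDAPv2.PROTOCOL_VERSION` is the same kind of constant rather than the value 2; this should be confirmed against the LDAP JDK. If that is right, the v2 branch never runs, and an LDAPv2 configuration silently gets an unbound connection, as does any unexpected version value. Comparing with the version number itself, `if (connInfo.getVersion() == 2) {`, would match the stated intent. The same test is repeated in the other two constructors in the next two hunks, and this constructor begins above the hunk.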
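Review bot: Deleting the `connect(String host, int port)` override in the last hunk removes the only guard this class had against being re-pointed: the inherited public method now accepts any host and port on a connection that the pool treats as tied to `mConnInfo`. The factory does need a reconnect, but only ever to the original server, so a narrower override that remembers the constructor's host and port and rejects anything else would keep that property. At minimum the class should document the new contract, for example `// connect(host, port) is allowed so the pool can drop bind state without an anonymous bind; callers must not use it to change servers`. The removed javadoc ("does not allow reconnect") was the only place this behaviour was written down, so the replacement text belongs on the class comment, which is outside the hunk.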