Should be fine now. The whole thing originated from the fact that be_rootdn_bind() was passed a NULL SlapReply* without handling results accordingly. Thanks, p.
Yes it is fixed,
But in your fix, only the rootpw password works. If we have the rootdn also as a dn stored inside the ldap tree then openldap does not tries to bind to the dn of the tree if the rootpw is incorrect
if we use the same code segment of bind.cpp written for back-bdb which is:
/* allow noauth binds */ switch ( be_rootdn_bind( op, NULL ) ) { case LDAP_SUCCESS: /* frontend will send result */ return rs->sr_err; default: break; } And the rootpw is not matched, then slapd will continue to search the ldap tree and if it finds a dn and its userPassword matches, then it authenticates. If an appropriate dn / password is not found in the tree, then it throughs the invalid credentials error.
Maybe the bind-dbd way is more correct?