Full_Name: Matthew Hardin
Submission from: (NULL) (184.108.40.206)
Remote directory servers that do not answer a bind request within the timeout
period will cause an assertion failure in back-meta.
The meta_back_bind() function calls either meta_back_proxy_authz_bind() if the
bind is taking place with back_meta's rootdn or meta_back_single_bind() if it's
Once they make the appropriate bind function call, each of these functions calls
meta_back_bind_op_result() to process the result of the bind. Neither
meta_back_proxy_authz_bind() or meta_back_single_bind() set the
When meta_back_bind_op_result() calls ldap_result(), one of the possible return
codes is 0, and meta_back_bind_op_result() will repeat the ldap_result() call,
provided the timeout hasn't been exceeded or back-meta has been told not to
If the wait time has been exceeded the code falls through to an
assert(LDAP_BACK_CONN_BINDING(msc)) statement. This assert is only valid when
meta_back_do_bind() has made the function call, and it will fail if either
meta_back_proxy_authz_bind() or meta_back_single_bind() made the function call.
The correct fix would seem to be to remove the assert(), since in two out of
three cases the meta_back_bind_op_result() function is being called with the
LDAP_BACK_CONN_BINDING state not set.
It is also possible to set and clear the LDAP_BACK_CONN_BINDING state as
appropriate from the other two funcions that call it, but this seems incorrect,
as the LDAP_BACK_CONN_BINDING state is only manipulated in the
meta_back_single_dobind() direct bind function.