ITS#8909 additional tweak

author Howard Chu <hyc@openldap.org>

Wed, 29 Aug 2018 01:02:13 +0000 (02:02 +0100)

committer Quanah Gibson-Mount <quanah@openldap.org>

Fri, 7 Sep 2018 17:02:21 +0000 (17:02 +0000)
author Howard Chu <hyc@openldap.org>
Wed, 29 Aug 2018 01:02:13 +0000 (02:02 +0100)
committer Quanah Gibson-Mount <quanah@openldap.org>
Fri, 7 Sep 2018 17:02:21 +0000 (17:02 +0000)
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c

index e4a74ea7fd156a4ed5591779cca0e65a2c1015b3..d80370ff9b123202e91a20470d9d58315ca9f898 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -2075,6 +2075,8 @@ int slap_sasl_authorized( Operation *op,
                 rc = slap_sasl_check_authz( op, authcDN, authzDN,
                         slap_schema.si_ad_saslAuthzTo, authcDN );
                 if(( rc == LDAP_SUCCESS ) ^ (( authz_policy & SASL_AUTHZ_AND) != 0)) {
+                       if( rc != LDAP_SUCCESS )
+                               rc = LDAP_INAPPROPRIATE_AUTH;
                         goto DONE;
                 }
         }
author	Howard Chu <hyc@openldap.org>
	Wed, 29 Aug 2018 01:02:13 +0000 (02:02 +0100)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Fri, 7 Sep 2018 17:02:21 +0000 (17:02 +0000)