SASL bind doesn't use the DN
authorNick Porter <nick@portercomputing.co.uk>
Fri, 25 Aug 2023 14:13:27 +0000 (15:13 +0100)
committerNick Porter <nick@portercomputing.co.uk>
Tue, 29 Aug 2023 10:26:29 +0000 (11:26 +0100)
src/lib/ldap/base.h
src/lib/ldap/sasl.c
src/modules/rlm_ldap/rlm_ldap.c

index e6e478a863579c2f637f0550c76a8f2a35ba1f1e..923acdc970dec46702193858d180e5cb368d6ed6 100644 (file)
@@ -501,7 +501,6 @@ typedef struct {
 typedef struct {
        fr_ldap_connection_t    *c;                     //!< to bind.  Only used when binding as admin user.
        char const              *mechs;                 //!< SASL mechanisms to run
-       char const              *dn;                    //!< to bind as.
        char const              *identity;              //!< of the user.
        char const              *password;              //!< of the user, may be NULL if no password is specified.
        char const              *proxy;                 //!< Proxy identity, may be NULL in which case identity is used.
@@ -908,7 +907,6 @@ int         fr_ldap_sasl_bind_auth_send(fr_ldap_sasl_ctx_t *sasl_ctx,
 int            fr_ldap_sasl_bind_auth_async(request_t *request,
                                             fr_ldap_thread_t *thread,
                                             char const *mechs,
-                                            char const *dn,
                                             char const *identity,
                                             char const *password,
                                             char const *proxy, char const *realm);
index 073f7afbce3cb251a9aebfc9386c51ad502de49e..8faa355ca9f3fc691d3073eadeee3baf5270264a 100644 (file)
@@ -487,7 +487,6 @@ static unlang_action_t ldap_async_sasl_bind_auth_results(rlm_rcode_t *p_result,
  * @param[in] request          this bind relates to.
  * @param[in] thread           whose connection the bind should be performed on.
  * @param[in] mechs            SASL mechanisms to use.
- * @param[in] dn               DN to bind as.
  * @param[in] identity         Identity to bind with.
  * @param[in] password         Password to bind with.
  * @param[in] proxy            Identity to proxy.
@@ -496,7 +495,7 @@ static unlang_action_t ldap_async_sasl_bind_auth_results(rlm_rcode_t *p_result,
  *     - 0 on success.
  *     - -1 on failure.
 */
-int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *mechs, char const *dn,
+int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *mechs,
                                 char const *identity, char const *password, char const *proxy, char const *realm)
 {
        fr_ldap_bind_auth_ctx_t *bind_auth_ctx;
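Review bot: The doc comment for fr_ldap_sasl_bind_auth_async does not say who owns the strings it receives, yet the following hunk shows `mechs`, `identity`, `password` and `proxy` stored by pointer in `bind_auth_ctx->sasl_ctx` rather than copied. Because the bind is asynchronous, those buffers presumably have to stay valid until it completes, which is worth stating in the `@param` lines. For example: `@param[in] password Password to bind with, may be NULL. Not copied; must remain valid until the bind completes.` The struct comment in base.h already notes that the password may be NULL, but the function doc does not. The function body continues outside this hunk, so any copying done further down is not visible here.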
@@ -528,7 +527,6 @@ int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, c
        talloc_set_destructor(bind_auth_ctx->sasl_ctx, _sasl_ctx_free);
        *bind_auth_ctx->sasl_ctx = (fr_ldap_sasl_ctx_t) {
                .mechs = mechs,
-               .dn = dn,
                .identity = identity,
                .password = password,
                .proxy = proxy,
index 7131dba3c958f7252d60d03d44cd574f1685ee9d..a7bc9ebfeec05be686312b9a26943a69ac158ae3 100644 (file)
@@ -1164,7 +1164,7 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, UNUSED int
 #ifdef WITH_SASL
                ldap_auth_call_env_t *call_env = auth_ctx->call_env;
                if (fr_ldap_sasl_bind_auth_async(request, auth_ctx->thread, call_env->user_sasl_mech.vb_strvalue,
-                                                auth_ctx->dn, call_env->user_sasl_authname.vb_strvalue,
+                                                call_env->user_sasl_authname.vb_strvalue,
                                                 auth_ctx->password, call_env->user_sasl_proxy.vb_strvalue,
                                                 call_env->user_sasl_realm.vb_strvalue) < 0) goto fail;
 #else
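Review bot: Nothing at this call in mod_authenticate_resume ties the SASL authname to `auth_ctx->dn`: the bind is now identified only by `call_env->user_sasl_authname`, while the DN stays in the context unused by the bind. If later processing relies on `auth_ctx->dn` (not visible here), a successful SASL bind proves the credentials for the authname, not for that DN, so a configuration where the two resolve to different entries should be ruled out or documented. A comment at the call would make this explicit: `/* SASL authenticates user_sasl_authname; auth_ctx->dn is not sent in the bind */`. It is also not visible whether an empty `user_sasl_authname` is rejected before this point; if it is not, a check before the call is worth adding. The enclosing function starts and ends outside the hunk.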