Remove unnecessary references to r->user within ldap-search.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914090 13f79535-47bb-0310-9956-ffa450edef68
apache · Nov 24, 2023 · 001d2a0 · 001d2a0
1 parent dee495f
commit 001d2a0
Showing 1 changed file with 1 addition and 18 deletions.
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
@@ -1441,24 +1441,6 @@ static authz_status ldapsearch_check_authorization(request_rec *r,
         req = build_request_config(r);
     }
     ldc = get_connection_for_authz(r, LDAP_SEARCH);
-    if (!req->dn && r->user) {
-        authz_status rv;
-        if (!*r->user) {
-            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10487)
-                          "ldap authorize: Userid is blank, AuthType=%s",
-                          r->ap_auth_type);
-        }
-        rv = get_dn_for_nonldap_authn(r, ldc);
-        if (rv != AUTHZ_GRANTED) {
-            return rv;
-        }
-        if (req->dn == NULL || !*req->dn) {
-            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02636)
-                          "auth_ldap authorize: require ldap-search: user's DN "
-                          "has not been defined; failing authorization");
-            return AUTHZ_DENIED;
-        }
-    }
 
     require = ap_expr_str_exec(r, expr, &err);
     if (err) {
@@ -1482,6 +1464,7 @@ static authz_status ldapsearch_check_authorization(request_rec *r,
 
         /* Make sure that the filtered search returned a single dn */
         if (result == LDAP_SUCCESS && dn) {
+            req->dn = dn;
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02631)
                           "auth_ldap authorize: require ldap-search: "
                           "authorization successful");