r18620: Fallback to non-paging LDAP searches in ads_do_search_retry_internal()

for anonymous bound connections.

When doing anonymous bind you can never use paged LDAP control for
RootDSE searches on AD.

Guenther
(This used to be commit dc1d92faabd4b291f607eb481349ba37e52ef11e)

1 files changed, 19 insertions, 2 deletions

diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index 9559ae117a..e6855674d1 100644
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -50,7 +50,15 @@ static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind
 	}
 
 	*res = NULL;
-	status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
+
+	/* when binding anonymously, we cannot use the paged search LDAP
+	 * control - Guenther */
+
+	if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
+		status = ads_do_search(ads, bp, scope, expr, attrs, res);
+	} else {
+		status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
+	}
 	if (ADS_ERR_OK(status)) {
 		DEBUG(5,("Search for %s gave %d replies\n",
 			 expr, ads_count_replies(ads, *res)));
@@ -83,7 +91,16 @@ static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind
 		}
 
 		*res = NULL;
-		status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
+
+		/* when binding anonymously, we cannot use the paged search LDAP
+		 * control - Guenther */
+
+		if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
+			status = ads_do_search(ads, bp, scope, expr, attrs, res);
+		} else {
+			status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
+		}
+
 		if (ADS_ERR_OK(status)) {
 			DEBUG(5,("Search for filter: %s, base: %s gave %d replies\n",
 				 expr, bp, ads_count_replies(ads, *res)));