[Dovecot] "nopassword" extra field useless with LDAP passdb

Zohan 29e8c6f5 at mail.ru
Fri Dec 19 01:53:30 EET 2008


Timo,

It seems that the "nopassword" extra field (more exactly, the auth_request->no_password condition) is completely ignored in passdb-ldap.c, due to (line 112 as of Dovecot 1.1.7):

===
        if (auth_request->passdb_password == NULL) {
                auth_request_log_error(auth_request, "ldap",
                                       "No password in reply");
        } else if (ldap_next_entry(conn->ld, entry) != NULL) {
                auth_request_log_error(auth_request, "ldap",
                        "pass_filter matched multiple objects, aborting");
        } else if (auth_request->passdb_password == NULL &&
                   !auth_request->no_password) {
                auth_request_log_info(auth_request, "ldap",
                        "Empty password returned without nopassword");
                passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH;
        } else {
                /* passdb_password may change on the way, 
                   so we'll need to strdup. */
                password = t_strdup(auth_request->passdb_password);
                passdb_result = PASSDB_RESULT_OK;
        }
===

As we see, the first "if" block intercepts the auth_request->passdb_password == NULL condition, ignoring auth_request->no_password and making line 127 (passdb_result = PASSDB_RESULT_OK) unreachable even if auth_request->no_password is set.
For my local installation I've just removed the first "if" block (see the patch in the attachment), and it seems to fix the problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot-1.1.7-ldap-nopassword.patch
Type: text/x-patch
Size: 628 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20081219/3e7dda40/attachment.bin 
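
The branch ordering discussed in this message, reduced to a stand-alone C model that tabulates every input combination for the quoted chain and for the chain with its first block removed. This is an added example, not part of the original post and not Dovecot's code: `decide_quoted`, `decide_patched`, the `model_result` enum and the sample password string are hypothetical, and `MODEL_UNSET` stands in for whatever value `passdb_result` held before the chain, which the post does not show.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Model result codes (hypothetical). Only OK and PASSWORD_MISMATCH are
   named in the post; MODEL_UNSET means "passdb_result was not assigned". */
enum model_result { MODEL_UNSET, MODEL_PASSWORD_MISMATCH, MODEL_OK };

/* Branch order as quoted from passdb-ldap.c in the post. */
enum model_result decide_quoted(const char *passdb_password,
                                bool no_password, bool more_entries)
{
    if (passdb_password == NULL)
        return MODEL_UNSET;              /* "No password in reply" */
    else if (more_entries)
        return MODEL_UNSET;              /* pass_filter matched multiple objects */
    else if (passdb_password == NULL && !no_password)
        return MODEL_PASSWORD_MISMATCH;  /* dead: NULL was already caught above */
    else
        return MODEL_OK;
}

/* Same chain with the first block removed, as the post describes. */
enum model_result decide_patched(const char *passdb_password,
                                 bool no_password, bool more_entries)
{
    if (more_entries)
        return MODEL_UNSET;
    else if (passdb_password == NULL && !no_password)
        return MODEL_PASSWORD_MISMATCH;
    else
        return MODEL_OK;                 /* reached for NULL only with no_password */
}

int main(void)
{
    const char *pw[] = { NULL, "{PLAIN}constructed" };  /* constructed inputs */
    static const char *const name[] = { "unset", "mismatch", "ok" };

    for (int p = 0; p < 2; p++)
        for (int np = 0; np < 2; np++)
            for (int me = 0; me < 2; me++)
                printf("password=%-4s no_password=%d more_entries=%d quoted=%-8s patched=%s\n",
                       pw[p] ? "set" : "NULL", np, me,
                       name[decide_quoted(pw[p], np, me)],
                       name[decide_patched(pw[p], np, me)]);
    return 0;
}
```

In the model, the only rows that differ between the two columns are those with a NULL password and a single matching entry; the multiple-match check still runs before any result is accepted.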

