Blame SOURCES/nss-pam-ldapd-0.8.13-avoid-lockout-on-bad-password.patch

20b078
diff -up nss-pam-ldapd-0.8.13/nslcd/myldap.c.avoid_lockout_on_bad_password nss-pam-ldapd-0.8.13/nslcd/myldap.c
20b078
--- nss-pam-ldapd-0.8.13/nslcd/myldap.c.avoid_lockout_on_bad_password	2017-10-24 12:04:22.275105596 +0200
20b078
+++ nss-pam-ldapd-0.8.13/nslcd/myldap.c	2017-10-24 12:04:39.355175121 +0200
20b078
@@ -967,6 +967,13 @@ static int do_retry_search(MYLDAP_SEARCH
20b078
         /* try to start the search */
20b078
         pthread_mutex_unlock(&uris_mutex);
20b078
         rc=do_try_search(search);
20b078
+        /* if we are authenticating a user and get an error regarding failed
20b078
+           password we should error out instead of trying all servers */
20b078
+        if ((search->session->binddn[0] != '\0') && (rc == LDAP_INVALID_CREDENTIALS))
20b078
+        {
20b078
+          do_close(search->session);
20b078
+          return rc;
20b078
+        }
20b078
         if (rc==LDAP_SUCCESS)
20b078
         {
20b078
           pthread_mutex_lock(&uris_mutex);