This bug is created as a clone of upstream ticket:
The slapi_ldap_bind() function does not properly check the bind operation results. It currently only calls ldap_parse_result() if returnedctrls was passed in by the caller. We need to call ldap_parse_result() even if we don't need to get the returned controls, as it's how we get the LDAP response code for the BIND operation. With the current code, slapi_ldap_bind() will end up returning 0 for a failed BIND operation if returnedctrls is not passed in.
*** Bug 836385 has been marked as a duplicate of this bug. ***
Please add steps to reproduce this bug
Created testcase (bug836386()) in mmrepl/accept/ as replication uses slapi_ldap_bind.
200|0 24 17:32:28|TP Start
520|0 24 16496 1 1|
520|0 24 16496 1 2|bug836386 - make sure slapi_ldap_bind complains when an invalid password is used
520|0 24 16496 1 3|bug836386 Restore agreement for S2->S1: SIMPLE to SSL
520|0 24 16496 1 4|bug836386 Restored
520|0 24 16496 1 5|slapi_ldap_bind correctly indentified the failure, nsDS5ReplicaCredentials is correctly restored to secret12, Return code-0
520|0 24 16496 1 6|TestCase [bug836386] result-> [PASS]
220|0 24 0 17:32:41|PASS
version :: 389-ds-base-188.8.131.52-8.el6
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.