X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FAuth%2FLDAP.pm;fp=PVE%2FAuth%2FLDAP.pm;h=09b220201a35ef49c18c852fe2f92560b1f71ea1;hp=9fa909500f3693d5626546ccf7b3369970eee1d6;hb=de8c5e6cebeeda13ced4c23bd108040c3c68438d;hpb=eeabad5a1363782e7916429db718d3b472e47779

diff --git a/PVE/Auth/LDAP.pm b/PVE/Auth/LDAP.pm
index 9fa9095..09b2202 100755
--- a/PVE/Auth/LDAP.pm
+++ b/PVE/Auth/LDAP.pm
@@ -203,17 +203,17 @@ sub connect_and_bind {
 
     my $ldap = PVE::LDAP::ldap_connect($servers, $scheme, $port, \%ldap_args);
 
-    my $bind_dn;
-    my $bind_pass;
-
     if ($config->{bind_dn}) {
-	$bind_dn = $config->{bind_dn};
-	$bind_pass = ldap_get_credentials($realm);
+	my $bind_dn = $config->{bind_dn};
+	my $bind_pass = ldap_get_credentials($realm);
 	die "missing password for realm $realm\n" if !defined($bind_pass);
+	PVE::LDAP::ldap_bind($ldap, $bind_dn, $bind_pass);
+    } elsif ($config->{cert} && $config->{certkey}) {
+	warn "skipping anonymous bind with clientcert\n";
+    } else {
+	PVE::LDAP::ldap_bind($ldap);
     }
 
-    PVE::LDAP::ldap_bind($ldap, $bind_dn, $bind_pass);
-
     if (!$config->{base_dn}) {
 	my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]);
 	$config->{base_dn} = $root->get_value('defaultNamingContext');