From b51e78c34f864ee2283102e7e96d9bb063a5fe7e Mon Sep 17 00:00:00 2001
From: Daniel Hoffend <dh@dotlan.net>
Date: Thu, 16 Mar 2023 10:22:41 +0100
Subject: [PATCH] drop user bind info after auth in indirect mode

---
 lib/Connector/Builtin/Authentication/LDAP.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/Connector/Builtin/Authentication/LDAP.pm b/lib/Connector/Builtin/Authentication/LDAP.pm
index 75c253c..fb6b527 100644
--- a/lib/Connector/Builtin/Authentication/LDAP.pm
+++ b/lib/Connector/Builtin/Authentication/LDAP.pm
@@ -137,6 +137,10 @@ sub _check_user_password {
         }
     }
 
+    # purge last binding information to enforce use of search bind user
+    # when indirect mode is enabled
+    $self->_purge_bind() if $self->indirect();
+
     if(!defined $userdn) {
       $self->log()->warn('Authentication failed');
       return 0;