author | Sumit Bose <sbose@redhat.com> | 2009-09-25 07:33:52 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-09-25 09:03:30 -0400 |
commit | e8eb42bb51de9392b0bc7e43a53ad3cd88913073 (patch) | |
tree | 8e10f0fa2feca6a5de70140955d66460ea354706 /server/providers/ldap/ldap_id.c | |
parent | 3c02938a2643fdc8ff83d81400334172f0743823 (diff) | |
add new config options ldap_tls_cacert and ldap_tls_cacertdir
Diffstat (limited to 'server/providers/ldap/ldap_id.c')
-rw-r--r-- | server/providers/ldap/ldap_id.c | 38 |
1 files changed, 5 insertions, 33 deletions
diff --git a/server/providers/ldap/ldap_id.c b/server/providers/ldap/ldap_id.c
index 4a06298f8..12fb476b0 100644
--- a/server/providers/ldap/ldap_id.c
+++ b/server/providers/ldap/ldap_id.c
@@ -1301,10 +1301,8 @@ int sssm_ldap_init(struct be_ctx *bectx,
 struct bet_ops **ops,
 void **pvt_data)
 {
- int ldap_opt_x_tls_require_cert;
 struct tevent_timer *enum_task;
 struct sdap_id_ctx *ctx;
- char *tls_reqcert;
 int ret;
 ctx = talloc_zero(bectx, struct sdap_id_ctx);
@@ -1313,38 +1311,12 @@ int sssm_ldap_init(struct be_ctx *bectx,
 ctx->be = bectx;
 ret = sdap_get_options(ctx, bectx->cdb, bectx->conf_path, &ctx->opts);
+ if (ret != EOK) goto done;
- tls_reqcert = sdap_go_get_string(ctx->opts->basic, SDAP_TLS_REQCERT);
- if (tls_reqcert) {
- if (strcasecmp(tls_reqcert, "never") == 0) {
- ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_NEVER;
- }
- else if (strcasecmp(tls_reqcert, "allow") == 0) {
- ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_ALLOW;
- }
- else if (strcasecmp(tls_reqcert, "try") == 0) {
- ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_TRY;
- }
- else if (strcasecmp(tls_reqcert, "demand") == 0) {
- ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_DEMAND;
- }
- else if (strcasecmp(tls_reqcert, "hard") == 0) {
- ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_HARD;
- }
- else {
- DEBUG(1, ("Unknown value for tls_reqcert.\n"));
- ret = EINVAL;
- goto done;
- }
- /* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option,
- * because the SSL/TLS context is initialized from this value. */
- ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
- &ldap_opt_x_tls_require_cert);
- if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
- ret = EIO;
- goto done;
- }
+ ret = setup_tls_config(ctx->opts->basic);
+ if (ret != EOK) {
+ DEBUG(1, ("setup_tls_config failed [%d][%s].\n", ret, strerror(ret)));
+ goto done;
 }
 /* set up enumeration task */ |
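Review bot: The added `if (ret != EOK) goto done;` after sdap_get_options() in the second hunk exits without logging anything, while the setup_tls_config() failure a few lines below logs the code and strerror text. An option-parsing failure that stops the LDAP provider should be just as visible, e.g. `if (ret != EOK) { DEBUG(1, ("sdap_get_options failed [%d][%s].\n", ret, strerror(ret))); goto done; }`. The removed block rejected an unrecognised tls_reqcert value with EINVAL and carried the comment that LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option. setup_tls_config() is defined outside this hunk, so it is worth confirming that it keeps both that fail-closed handling and the comment. The body of sssm_ldap_init continues past the end of the hunk.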