diff options
| author | Jan Zeleny <jzeleny@redhat.com> | 2011-11-21 06:26:44 -0500 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-12-08 12:02:32 -0500 |
| commit | 8c60644bd8f2d739ff7a58b3717929254d09dfbe (patch) | |
| tree | 52a062e02fabcec7407c775e29112afffba0b467 /src/providers/ldap/sdap_async_connection.c | |
| parent | a63aee266c6d41216c606c2efa459f9477875cc7 (diff) | |
| download | sssd-8c60644bd8f2d739ff7a58b3717929254d09dfbe.tar.gz sssd-8c60644bd8f2d739ff7a58b3717929254d09dfbe.tar.xz sssd-8c60644bd8f2d739ff7a58b3717929254d09dfbe.zip | |
Add ldap_sasl_minssf option
https://fedorahosted.org/sssd/ticket/1075
Diffstat (limited to 'src/providers/ldap/sdap_async_connection.c')
| -rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 1f829f176..38f493036 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -150,6 +150,8 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) struct sdap_rebind_proc_params *rebind_proc_params; int sd; bool sasl_nocanon; + const char *sasl_mech; + int sasl_minssf; ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd); talloc_zfree(subreq); @@ -269,6 +271,21 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) goto fail; } + sasl_mech = dp_opt_get_string(state->opts->basic, SDAP_SASL_MECH); + if (sasl_mech != NULL) { + sasl_minssf = dp_opt_get_int(state->opts->basic, SDAP_SASL_MINSSF); + if (sasl_minssf >= 0) { + lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MIN, + &sasl_minssf); + if (lret != LDAP_OPT_SUCCESS) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Failed to set LDAP MIN SSF option to %d\n", + sasl_minssf)); + goto fail; + } + } + } + /* if we do not use start_tls the connection is not really connected yet * just fake an async procedure and leave connection to the bind call */ if (!state->use_start_tls) { |