diff options
| author | Tyson Whitehead <twhitehead@gmail.com> | 2011-01-19 15:22:49 -0500 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-20 12:20:15 -0500 |
| commit | 3c13b616108d4c0a413380ba72189947898eee57 (patch) | |
| tree | c3700f4289a40f60b1ac36e46a100344b94394e7 /src/providers/ldap | |
| parent | 2fac679ce284b21bd49b4241f0b9e5a5db1bd0c6 (diff) | |
| download | sssd-3c13b616108d4c0a413380ba72189947898eee57.tar.gz sssd-3c13b616108d4c0a413380ba72189947898eee57.tar.xz sssd-3c13b616108d4c0a413380ba72189947898eee57.zip | |
Add ldap_tls_{cert,key,cipher_suite} config options
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Diffstat (limited to 'src/providers/ldap')
| -rw-r--r-- | src/providers/ldap/ldap_common.c | 3 | ||||
| -rw-r--r-- | src/providers/ldap/sdap.c | 27 | ||||
| -rw-r--r-- | src/providers/ldap/sdap.h | 3 |
3 files changed, 33 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 48c35638b..e669ba6c7 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -57,6 +57,9 @@ struct dp_option default_basic_opts[] = { { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 5400 }, NULL_NUMBER }, { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_tls_key", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_tls_cipher_suite", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ldap_sasl_mech", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING }, diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 573de1787..ea2eabe78 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -350,6 +350,33 @@ errno_t setup_tls_config(struct dp_option *basic_opts) } } + tls_opt = dp_opt_get_string(basic_opts, SDAP_TLS_CERT); + if (tls_opt) { + ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, tls_opt); + if (ret != LDAP_OPT_SUCCESS) { + DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); + return EIO; + } + } + + tls_opt = dp_opt_get_string(basic_opts, SDAP_TLS_KEY); + if (tls_opt) { + ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, tls_opt); + if (ret != LDAP_OPT_SUCCESS) { + DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); + return EIO; + } + } + + tls_opt = dp_opt_get_string(basic_opts, SDAP_TLS_CIPHER_SUITE); + if (tls_opt) { + ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_opt); + if (ret != LDAP_OPT_SUCCESS) { + DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); + return EIO; + } + } + return EOK; } diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 932abca4d..e053210af 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -176,6 +176,9 @@ enum sdap_basic_opt { SDAP_ENTRY_CACHE_TIMEOUT, SDAP_TLS_CACERT, SDAP_TLS_CACERTDIR, + SDAP_TLS_CERT, + SDAP_TLS_KEY, + SDAP_TLS_CIPHER_SUITE, SDAP_ID_TLS, SDAP_SASL_MECH, SDAP_SASL_AUTHID, |