From bc58f5892d3a8f6b28e2148c5a0cca34b63ef354 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Fri, 25 Sep 2009 09:46:30 -0400
Subject: Initial implementation of sasl bind support

Inits krb5 credentials, if sasl mech is GSSAPI.
Tested with GSSAPI and host keytab as well as user credentials.
Updates also manpages with the new options.
---
 server/providers/ldap/sdap.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'server/providers/ldap/sdap.c')

diff --git a/server/providers/ldap/sdap.c b/server/providers/ldap/sdap.c
index 07e48c18c..cc435ce00 100644
--- a/server/providers/ldap/sdap.c
+++ b/server/providers/ldap/sdap.c
@@ -51,7 +51,14 @@ struct sdap_gen_opts default_basic_opts[] = {
     { "ldap_enumeration_refresh_timeout", SDAP_NUMBER, { .number = 300 }, NULL_NUMBER },
     { "ldap_stale_time", SDAP_NUMBER, { .number = 1800 }, NULL_NUMBER },
     { "ldap_tls_cacert", SDAP_STRING, NULL_STRING, NULL_STRING },
-    { "ldap_tls_cacertdir", SDAP_STRING, NULL_STRING, NULL_STRING }
+    { "ldap_tls_cacertdir", SDAP_STRING, NULL_STRING, NULL_STRING },
+    { "ldap_id_use_start_tls", SDAP_BOOL, BOOL_FALSE, BOOL_FALSE },
+    { "ldap_sasl_mech", SDAP_STRING, NULL_STRING, NULL_STRING },
+    { "ldap_sasl_authid", SDAP_STRING, NULL_STRING, NULL_STRING },
+    { "ldap_krb5_keytab", SDAP_STRING, NULL_STRING, NULL_STRING },
+    { "ldap_krb5_init_creds", SDAP_BOOL, BOOL_TRUE, BOOL_TRUE },
+    /* use the same parm name as the krb5 module so we set it only once */
+    { "krb5_realm", SDAP_STRING, NULL_STRING, NULL_STRING }
 };
 
 struct sdap_id_map rfc2307_user_map[] = {
-- 
cgit