Diffstat (limited to 'src/providers/ldap/sdap_async_connection.c')
-rw-r--r--src/providers/ldap/sdap_async_connection.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 1f829f17..38f49303 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -150,6 +150,8 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
struct sdap_rebind_proc_params *rebind_proc_params;
int sd;
bool sasl_nocanon;
+ const char *sasl_mech;
+ int sasl_minssf;
ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd);
talloc_zfree(subreq);
@@ -269,6 +271,21 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
goto fail;
}
+ sasl_mech = dp_opt_get_string(state->opts->basic, SDAP_SASL_MECH);
+ if (sasl_mech != NULL) {
+ sasl_minssf = dp_opt_get_int(state->opts->basic, SDAP_SASL_MINSSF);
+ if (sasl_minssf >= 0) {
+ lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MIN,
+ &sasl_minssf);
+ if (lret != LDAP_OPT_SUCCESS) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Failed to set LDAP MIN SSF option to %d\n",
+ sasl_minssf));
+ goto fail;
+ }
+ }
+ }
+
/* if we do not use start_tls the connection is not really connected yet
* just fake an async procedure and leave connection to the bind call */
if (!state->use_start_tls) {
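Review bot: The new `ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MIN, &sasl_minssf)` call passes a pointer to `int`, but OpenLDAP's ldap_set_option(3) documents the value for this option as `const ber_len_t *`. `ber_len_t` is normally an unsigned long, so on LP64 platforms the library would read past the 4-byte `sasl_minssf` and the minimum SSF actually enforced may not be the configured one. Because this value sets the security floor for the SASL bind, it should be converted explicitly: `ber_len_t ber_minssf = (ber_len_t)sasl_minssf;` followed by `ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MIN, &ber_minssf);`. The existing `sasl_minssf >= 0` guard already makes that cast safe. sdap_sys_connect_done starts and ends outside this hunk, so the `fail` path is not visible here.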