author | Nathan Kinder <nkinder@redhat.com> | 2009-05-29 08:38:35 -0700 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2009-05-29 09:00:35 -0700 |
commit | 4d32ce1809dfead6697404edaff066608c4bad9d (patch) | |
tree | 613ad3e9010bffb1f9e5d03ce4aadc921c335b43 /ldap/servers/slapd/slap.h | |
parent | 67aca96ae2c53f74f896439840a82cbccbeb34cf (diff) | |
Add require secure binds switch.
This adds a new configuration attribute named
nsslapd-require-secure-binds. When enabled, a simple bind
will only be allowed over a secure transport (SSL/TLS or a
SASL privacy layer). An attempt to do a simple bind over
an insecure transport will return an LDAP result of
LDAP_CONFIDENTIALITY_REQUIRED. This new setting will not
affect anonymous or unauthenticated binds.
The default setting is to have this option disabled.
Diffstat (limited to 'ldap/servers/slapd/slap.h')
-rw-r--r-- | ldap/servers/slapd/slap.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index f0d21910..ffcba46c 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1715,6 +1715,7 @@ typedef struct _slapdEntryPoints {
 #define CONFIG_USERAT_ATTRIBUTE "nsslapd-userat"
 #define CONFIG_SVRTAB_ATTRIBUTE "nsslapd-svrtab"
 #define CONFIG_UNAUTH_BINDS_ATTRIBUTE "nsslapd-allow-unauthenticated-binds"
+#define CONFIG_REQUIRE_SECURE_BINDS_ATTRIBUTE "nsslapd-require-secure-binds"
 #ifndef _WIN32
 #define CONFIG_LOCALUSER_ATTRIBUTE "nsslapd-localuser"
 #endif /* !_WIN32 */
@@ -2008,6 +2009,7 @@ typedef struct _slapdFrontendConfig {
 char *ldapi_auto_dn_suffix; /* suffix to be appended to auto gen DNs */
 int slapi_counters; /* switch to turn slapi_counters on/off */
 int allow_unauth_binds; /* switch to enable/disable unauthenticated binds */
+ int require_secure_binds; /* switch to require simple binds to use a secure channel */
 size_t maxsasliosize; /* limit incoming SASL IO packet size */
 #ifndef _WIN32
 struct passwd *localuserinfo; /* userinfo of localuser */ |
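Review bot: The comment on `require_secure_binds` in `_slapdFrontendConfig` (second hunk) omits the two limits the commit message states: the switch is off by default, and anonymous and unauthenticated binds are exempt. I would spell that out, e.g. `/* off by default; when on, simple binds with a password need SSL/TLS or a SASL privacy layer; anonymous/unauthenticated binds are exempt */`. It is also worth documenting, here or in the attribute's description, that the LDAP_CONFIDENTIALITY_REQUIRED rejection presumably comes only after the client has already sent its password in the clear, so the setting enforces server policy but does not by itself keep credentials off the wire. The struct body continues outside the hunk and the enforcement code is not in this file, so the default value and the bind-path check cannot be confirmed from here.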