Resolves: bug 479077

Bug Description: Server to Server SASL/DIGEST-MD5 not Supported over SSL/TLS Reviewed by: nkinder (Thanks!) Fix Description: If using TLS/SSL, we don't need to use a sasl security layer, so just set the maxssf to 0. Platforms tested: RHEL5 Flag Day: no Doc impact: no
author: Rich Megginson <rmeggins@redhat.com> 2009-01-07 02:33:37 +0000
committer: Rich Megginson <rmeggins@redhat.com> 2009-01-07 02:33:37 +0000
commit: 04a5f7c71485c1efbc047856e4cac5fe571cf48a (patch)
tree: 30163268208e26405dd1b98de9076c6fa3f59fba /ldap/servers/slapd
parent: 4165ae9df096fc88f42c9e676215481696cdd931 (diff)
download: ds-04a5f7c71485c1efbc047856e4cac5fe571cf48a.tar.gz
ds-04a5f7c71485c1efbc047856e4cac5fe571cf48a.tar.xz
ds-04a5f7c71485c1efbc047856e4cac5fe571cf48a.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
index 15196966..d53f1e74 100644
--- a/ldap/servers/slapd/util.c
+++ b/ldap/servers/slapd/util.c
@@ -1257,6 +1257,10 @@ slapi_ldap_bind(
 	    }
 	}
     } else {
+	/* a SASL mech - set the sasl ssf to 0 if using TLS/SSL */
+	if (secure) {
+	    ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, "maxssf=0");
+	}
 	rc = slapd_ldap_sasl_interactive_bind(ld, bindid, creds, mech,
 					      serverctrls, returnedctrls,
 					      msgidp);
author	Rich Megginson <rmeggins@redhat.com>	2009-01-07 02:33:37 +0000
committer	Rich Megginson <rmeggins@redhat.com>	2009-01-07 02:33:37 +0000
commit	04a5f7c71485c1efbc047856e4cac5fe571cf48a (patch)
tree	30163268208e26405dd1b98de9076c6fa3f59fba /ldap/servers/slapd
parent	4165ae9df096fc88f42c9e676215481696cdd931 (diff)
download	ds-04a5f7c71485c1efbc047856e4cac5fe571cf48a.tar.gz ds-04a5f7c71485c1efbc047856e4cac5fe571cf48a.tar.xz ds-04a5f7c71485c1efbc047856e4cac5fe571cf48a.zip