upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-24 00:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added ldapdb_starttls keyword

Browse source
This commit is contained in:
Howard Chu 2003-10-07 00:19:36 +00:00
parent 5e9fae342a
commit fee0f44307
2 changed files with 23 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
contrib/ldapsasl/README
View file

@ -64,3 +64,12 @@ sasl-regexp uidNumber=(.*)\\+gidNumber=(.*),cn=peercred,cn=external,cn=auth
sasl-regexp uid=(.*),cn=external,cn=auth
ldap:///dc=example,dc=com??sub?(uid=$1)
One more update: you can use the ldapdb_starttls keyword to use the
StartTLS extended operation on an LDAP session. This item may be set
to either "try" or "demand", e.g.:
ldapdb_uri: ldap://ldap.example.com
ldapdb_starttls: try
When set to "try" any failure in StartTLS is ignored. When set to "demand"
then any failure aborts the connection.

14
contrib/ldapsasl/ldapdb.c
View file

@ -38,6 +38,7 @@ typedef struct ldapctx {
struct berval id; /* SASL authcid to bind as */
struct berval pw; /* password for bind */
struct berval mech; /* SASL mech */
int use_tls; /* Issue StartTLS request? */
} ldapctx;
typedef struct gluectx {
@ -145,6 +146,11 @@ static void ldapdb_auxprop_lookup(void *glob_context,
i = LDAP_VERSION3;
ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &i);
/* If TLS is set and it fails, continue or bail out as requested */
if (ctx->use_tls && ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
if (ctx->use_tls > 1) goto done;
}
ret = ldap_sasl_interactive_bind_s(ld, NULL, ctx->mech.bv_val, NULL, NULL,
LDAP_SASL_QUIET, ldapdb_interact, &gc);
if (ret != LDAP_SUCCESS) goto done;
@ -210,6 +216,8 @@ static int ldapdb_auxprop_plug_init(const sasl_utils_t *utils,
if(max_version < SASL_AUXPROP_PLUG_VERSION) return SASL_BADVERS;
memset(&tmp, 0, sizeof(tmp));
utils->getopt(utils->getopt_context, ldapdb, "ldapdb_uri", &tmp.uri, NULL);
if(!tmp.uri) return SASL_BADPARAM;
@ -222,6 +230,12 @@ static int ldapdb_auxprop_plug_init(const sasl_utils_t *utils,
utils->getopt(utils->getopt_context, ldapdb, "ldapdb_mech",
(const char **)&tmp.mech.bv_val, &len);
tmp.mech.bv_len = len;
utils->getopt(utils->getopt_context, ldapdb, "ldapdb_starttls", &s, NULL);
if (s)
{
if (!strcasecmp(s, "demand")) tmp.use_tls = 2;
else if (!strcasecmp(s, "try")) tmp.use_tls = 1;
}
utils->getopt(utils->getopt_context, ldapdb, "ldapdb_rc", &s, &len);
if (s)
{