authorSumit Bose <sbose@redhat.com>2009-09-25 07:33:52 -0400
committerStephen Gallagher <sgallagh@redhat.com>2009-09-25 09:03:30 -0400
commite8eb42bb51de9392b0bc7e43a53ad3cd88913073 (patch)
tree8e10f0fa2feca6a5de70140955d66460ea354706 /server/providers/ldap/ldap_auth.c
parent3c02938a2643fdc8ff83d81400334172f0743823 (diff)
add new config options ldap_tls_cacert and ldap_tls_cacertdir
Diffstat (limited to 'server/providers/ldap/ldap_auth.c')
-rw-r--r--server/providers/ldap/ldap_auth.c37
1 files changed, 4 insertions, 33 deletions
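--- a/server/providers/ldap/ldap_auth.c
+++ b/server/providers/ldap/ldap_auth.c
@@ -629,9 +629,7 @@ int sssm_ldap_auth_init(struct be_ctx *bectx,
 struct bet_ops **ops,
 void **pvt_data)
 {
- int ldap_opt_x_tls_require_cert;
 struct sdap_auth_ctx *ctx;
- char *tls_reqcert;
 int ret;
 ctx = talloc(bectx, struct sdap_auth_ctx);
@@ -643,37 +641,10 @@ int sssm_ldap_auth_init(struct be_ctx *bectx,
 &ctx->opts);
 if (ret != EOK) goto done;
- tls_reqcert = sdap_go_get_string(ctx->opts->basic, SDAP_TLS_REQCERT);
- if (tls_reqcert) {
- if (strcasecmp(tls_reqcert, "never") == 0) {
- ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_NEVER;
- }
- else if (strcasecmp(tls_reqcert, "allow") == 0) {
- ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_ALLOW;
- }
- else if (strcasecmp(tls_reqcert, "try") == 0) {
- ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_TRY;
- }
- else if (strcasecmp(tls_reqcert, "demand") == 0) {
- ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_DEMAND;
- }
- else if (strcasecmp(tls_reqcert, "hard") == 0) {
- ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_HARD;
- }
- else {
- DEBUG(1, ("Unknown value for tls_reqcert.\n"));
- ret = EINVAL;
- goto done;
- }
- /* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option,
- * because the SSL/TLS context is initialized from this value. */
- ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
- &ldap_opt_x_tls_require_cert);
- if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
- ret = EIO;
- goto done;
- }
+ ret = setup_tls_config(ctx->opts->basic);
+ if (ret != EOK) {
+ DEBUG(1, ("setup_tls_config failed [%d][%s].\n", ret, strerror(ret)));
+ goto done;
 }
 *ops = &sdap_auth_ops;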
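Review bot: The removed block was the only place recording that LDAP_OPT_X_TLS_REQUIRE_CERT is set as a process-global option because the TLS context is initialised from it, and the new `ret = setup_tls_config(ctx->opts->basic);` call site drops that note; since setup_tls_config() is defined outside this file section, a reader here can no longer see that the call is order-sensitive (presumably it still has to run before the first LDAP handle is created in this process) or that an unknown tls_reqcert value still fails init with EINVAL as the old code did. I would keep the constraint next to the call: `/* setup_tls_config() sets process-global TLS options (certificate requirement, CA cert/dir); it must run before any LDAP handle is created in this process */`. The `strerror(ret)` in the new DEBUG line assumes setup_tls_config() returns errno-style codes; the old code mapped ldap_set_option() failures to EIO and string errors to EINVAL, so confirm the helper preserves that mapping rather than passing LDAP result codes through. sssm_ldap_auth_init() continues outside the hunk (the `done:` label is not shown).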