From 8c60644bd8f2d739ff7a58b3717929254d09dfbe Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Mon, 21 Nov 2011 06:26:44 -0500
Subject: Add ldap_sasl_minssf option
https://fedorahosted.org/sssd/ticket/1075
---
 src/providers/ldap/sdap_async_connection.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'src/providers/ldap/sdap_async_connection.c')
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 1f829f17..38f49303 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -150,6 +150,8 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
 struct sdap_rebind_proc_params *rebind_proc_params;
 int sd;
 bool sasl_nocanon;
+ const char *sasl_mech;
+ int sasl_minssf;
 ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd);
 talloc_zfree(subreq);
@@ -269,6 +271,21 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
 goto fail;
 }
+ sasl_mech = dp_opt_get_string(state->opts->basic, SDAP_SASL_MECH);
+ if (sasl_mech != NULL) {
+ sasl_minssf = dp_opt_get_int(state->opts->basic, SDAP_SASL_MINSSF);
+ if (sasl_minssf >= 0) {
+ lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MIN,
+ &sasl_minssf);
+ if (lret != LDAP_OPT_SUCCESS) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Failed to set LDAP MIN SSF option to %d\n",
+ sasl_minssf));
+ goto fail;
+ }
+ }
+ }
+
 /* if we do not use start_tls the connection is not really connected yet
 * just fake an async procedure and leave connection to the bind call */
 if (!state->use_start_tls) {
-- cgit
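Review bot: `&sasl_minssf` in the added `ldap_set_option(..., LDAP_OPT_X_SASL_SSF_MIN, ...)` call points at an `int`, but OpenLDAP documents this option's value as `const ber_len_t *`. Where `ber_len_t` is wider than `int` (typical on 64-bit builds) the library reads past the variable, so the minimum SSF actually enforced can differ from the configured one. Copy the value into a correctly typed local first, e.g. `ber_len_t ber_minssf = (ber_len_t)sasl_minssf;`, and pass `&ber_minssf`. The `sasl_minssf >= 0` guard also means a negative setting silently keeps whatever minimum libldap already has, which deserves a comment such as `/* negative: leave the library's default minimum SSF untouched */`. The body of sdap_sys_connect_done starts and ends outside both hunks.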