Commit 4613fdc8 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

ITS#6147

parent 3f77ede7
......@@ -6,6 +6,7 @@ OpenLDAP 2.4.17 Engineering
Fixed libldap tls NULL error messages (ITS#6079)
Fixed liblutil opendir/closedir on windows (ITS#6041)
Fixed liblutil for _GNU_SOURCE (ITS#5464,ITS#5666)
Added slapd sasl auxprop support (ITS#6147)
Fixed slapd assert with closing connections (ITS#6111)
Fixed slapd cert validation (ITS#6098)
Fixed slapd errno handling (ITS#6037)
......
......@@ -665,6 +665,11 @@ ldapsearch -x -b "" -s base "+"
.br
See RFC 4512 section 5.1 for details.
.TP
.B olcSaslAuxprops: <plugin> [...]
Specify which auxprop plugins to use for authentication lookups. The
default is empty, which just uses slapd's internal support. Usually
no other auxprop plugins are needed.
.TP
.B olcSaslHost: <fqdn>
Used to specify the fully qualified domain name used for SASL processing.
.TP
......
......@@ -814,6 +814,11 @@ ldapsearch -x -b "" -s base "+"
.br
See RFC 4512 section 5.1 for details.
.TP
.B sasl-auxprops <plugin> [...]
Specify which auxprop plugins to use for authentication lookups. The
default is empty, which just uses slapd's internal support. Usually
no other auxprop plugins are needed.
.TP
.B sasl-host <fqdn>
Used to specify the fully qualified domain name used for SASL processing.
.TP
......
......@@ -530,6 +530,14 @@ static ConfigTable config_back_cf_table[] = {
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
&config_generic, NULL, NULL, NULL },
{ "sasl-auxprops", NULL, 2, 0, 0,
#ifdef HAVE_CYRUS_SASL
ARG_STRING|ARG_UNIQUE, &slap_sasl_auxprops,
#else
ARG_IGNORED, NULL,
#endif
"( OLcfgGlAt:89 NAME 'olcSaslAuxprops' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "sasl-host", "host", 2, 2, 0,
#ifdef HAVE_CYRUS_SASL
ARG_STRING|ARG_UNIQUE, &sasl_host,
......@@ -757,7 +765,7 @@ static ConfigOCs cf_ocs[] = {
"olcPluginLogFile $ olcReadOnly $ olcReferral $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
"olcRootDSE $ "
"olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
"olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
"olcSecurity $ olcServerID $ olcSizeLimit $ "
"olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ "
"olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
......
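Review bot: The new `sasl-auxprops` row passes `NULL` as its usage string and `0` as the argument maximum, while it is stored through `ARG_STRING` and declared `SINGLE-VALUE`. The man page text advertises `<plugin> [...]`, so it is unclear from this table whether extra plugin names on the line are kept or dropped; if they are dropped, authentication lookups would go to fewer plugins than the administrator listed. I would give the row a usage string as `sasl-host` does, e.g. `{ "sasl-auxprops", "plugin list", 2, 0, 0,`. The handling of more than one argument should also be either bounded or documented (for instance, that the list must be given as one quoted value). The table definition starts and ends outside this hunk.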
......@@ -1934,6 +1934,7 @@ LDAP_SLAPD_V (int) global_idletimeout;
LDAP_SLAPD_V (char *) global_host;
LDAP_SLAPD_V (char *) global_realm;
LDAP_SLAPD_V (char *) sasl_host;
LDAP_SLAPD_V (char *) slap_sasl_auxprops;
LDAP_SLAPD_V (char **) default_passwd_hash;
LDAP_SLAPD_V (int) lber_debug;
LDAP_SLAPD_V (int) ldap_syslog;
......
......@@ -63,8 +63,29 @@ typedef struct sasl_ctx {
static struct berval ext_bv = BER_BVC( "EXTERNAL" );
char *slap_sasl_auxprops;
#ifdef HAVE_CYRUS_SASL
/* Just use our internal auxprop by default */
static int
slap_sasl_getopt(
void *context,
const char *plugin_name,
const char *option,
const char **result,
unsigned *len)
{
if ( strcmp( option, "auxprop_plugin" )) {
return SASL_FAIL;
}
if ( slap_sasl_auxprops )
*result = slap_sasl_auxprops;
else
*result = "slapd";
return SASL_OK;
}
int
slap_sasl_log(
void *context,
......@@ -1078,6 +1099,7 @@ int slap_sasl_init( void )
int rc;
static sasl_callback_t server_callbacks[] = {
{ SASL_CB_LOG, &slap_sasl_log, NULL },
{ SASL_CB_GETOPT, &slap_sasl_getopt, NULL },
{ SASL_CB_LIST_END, NULL, NULL }
};
#endif
......
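Review bot: In `slap_sasl_getopt` the `len` out-parameter is never written, so a caller that passes a non-NULL `len` would read an unset length; adding `if ( len ) *len = (unsigned) strlen( *result );` before `return SASL_OK;` closes that. The callback also returns the `slap_sasl_auxprops` global pointer itself. If that setting can be replaced while the server runs (not visible in this hunk), the lifetime of the returned string deserves a comment. The comment `/* Just use our internal auxprop by default */` could also say that a configured value replaces the built-in `slapd` plugin rather than adding to it, since that decides which store authentication secrets are read from.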