+
+ if (version != -1 &&
+ ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS)
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
+ }
+
+ if ( use_tls && ldap_start_tls( ld, NULL, NULL ) != LDAP_SUCCESS ) {
+ if ( use_tls > 1 ) {
+ ldap_perror( ld, "ldap_start_tls" );
+ return( EXIT_FAILURE );
+ }
+ }
+
+ if (want_bindpw)
+ passwd.bv_val = getpassphrase("Enter LDAP Password: ");
+ passwd.bv_len = strlen( passwd.bv_val );
+
+ if ( authmethod == LDAP_AUTH_SASL ) {
+#ifdef HAVE_CYRUS_SASL
+ int minssf = 0, maxssf = 0;
+
+ if ( sasl_integrity > 0 )
+ maxssf = 1;
+ if ( sasl_integrity > 1 )
+ minssf = 1;
+ if ( sasl_privacy > 0 )
+ maxssf = 100000; /* Something big value */
+ if ( sasl_privacy > 1 )
+ minssf = 56;
+
+ if ( ldap_set_option( ld, LDAP_OPT_X_SASL_MINSSF,
+ (void *)&minssf ) != LDAP_OPT_SUCCESS ) {
+ fprintf( stderr, "Could not set LDAP_OPT_X_SASL_MINSSF"
+ "%d\n", minssf);
+ return( EXIT_FAILURE );
+ }
+ if ( ldap_set_option( ld, LDAP_OPT_X_SASL_MAXSSF,
+ (void *)&maxssf ) != LDAP_OPT_SUCCESS ) {
+ fprintf( stderr, "Could not set LDAP_OPT_X_SASL_MAXSSF"
+ "%d\n", maxssf);
+ return( EXIT_FAILURE );
+ }
+
+ rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
+ sasl_authz_id, sasl_mech,
+ passwd.bv_len ? &passwd : NULL,
+ NULL, NULL );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
+ return( EXIT_FAILURE );
+ }
+#else
+ fprintf( stderr, "%s was not compiled with SASL support\n",
+ argv[0] );
+ return( EXIT_FAILURE );
+#endif
+ }
+ else {
+ if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
+ != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_bind" );
+ return( EXIT_FAILURE );
+ }
+ }
+
+ if ( manageDSAit ) {
+ int err;
+ LDAPControl c;
+ LDAPControl *ctrls[2];
+ ctrls[0] = &c;
+ ctrls[1] = NULL;
+
+ c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
+ c.ldctl_value.bv_val = NULL;
+ c.ldctl_value.bv_len = 0;
+ c.ldctl_iscritical = manageDSAit > 1;
+
+ err = ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrls );
+
+ if( err != LDAP_OPT_SUCCESS ) {
+ fprintf( stderr, "Could not set Manage DSA IT Control\n" );
+ if( c.ldctl_iscritical ) {
+ exit( EXIT_FAILURE );
+ }
+ }
+ }