+ if (deref != -1 &&
+ ldap_set_option( ld, LDAP_OPT_DEREF, (void *) &deref ) != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_DEREF %d\n", deref );
+ }
+ if (timelimit != -1 &&
+ ldap_set_option( ld, LDAP_OPT_TIMELIMIT, (void *) &timelimit ) != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_TIMELIMIT %d\n", timelimit );
+ }
+ if (sizelimit != -1 &&
+ ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *) &sizelimit ) != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_SIZELIMIT %d\n", sizelimit );
+ }
+ if (referrals != -1 &&
+ ldap_set_option( ld, LDAP_OPT_REFERRALS,
+ (referrals ? LDAP_OPT_ON : LDAP_OPT_OFF) ) != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_REFERRALS %s\n",
+ referrals ? "on" : "off" );
+ }
+
+ if (version == -1 ) {
+ version = 3;
+ }
+
+ if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version )
+ != LDAP_OPT_SUCCESS )
+ {
+ fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n",
+ version );
+ }
+
+ if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
+ if ( use_tls > 1 ) {
+ ldap_perror( ld, "ldap_start_tls" );
+ return( EXIT_FAILURE );
+ }
+ }
+
+ if (want_bindpw) {
+ passwd.bv_val = getpassphrase("Enter LDAP Password: ");
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
+
+ if ( authmethod == LDAP_AUTH_SASL ) {
+#ifdef HAVE_CYRUS_SASL
+ int minssf = 0, maxssf = 0;
+
+ if ( sasl_integrity > 0 )
+ maxssf = 1;
+ if ( sasl_integrity > 1 )
+ minssf = 1;
+ if ( sasl_privacy > 0 )
+ maxssf = 100000; /* Something big value */
+ if ( sasl_privacy > 1 )
+ minssf = 56;
+
+ if ( ldap_set_option( ld, LDAP_OPT_X_SASL_MINSSF,
+ (void *)&minssf ) != LDAP_OPT_SUCCESS ) {
+ fprintf( stderr, "Could not set LDAP_OPT_X_SASL_MINSSF"
+ "%d\n", minssf);
+ return( EXIT_FAILURE );
+ }
+ if ( ldap_set_option( ld, LDAP_OPT_X_SASL_MAXSSF,
+ (void *)&maxssf ) != LDAP_OPT_SUCCESS ) {
+ fprintf( stderr, "Could not set LDAP_OPT_X_SASL_MAXSSF"
+ "%d\n", maxssf);
+ return( EXIT_FAILURE );
+ }
+
+ rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
+ sasl_authz_id, sasl_mech,
+ passwd.bv_len ? &passwd : NULL,
+ NULL, NULL );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
+ return( EXIT_FAILURE );
+ }
+#else
+ fprintf( stderr, "%s was not compiled with SASL support\n",
+ argv[0] );
+ return( EXIT_FAILURE );
+#endif