+ /* If we already have an authentication context, clear it out */
+ if( oldctx ) {
+ if ( oldctx != ld->ld_defconn->lconn_sasl_sockctx ) {
+ sasl_dispose( &oldctx );
+ }
+ ld->ld_defconn->lconn_sasl_authctx = NULL;
+ }
+
+ { char *saslhost = ldap_host_connected_to( ld->ld_sb, "localhost" );
+ rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
+ LDAP_FREE( saslhost );
+ }
+
+ if ( rc != LDAP_SUCCESS ) return rc;
+
+ ctx = ld->ld_defconn->lconn_sasl_authctx;
+
+ /* Check for TLS */
+ ssl = ldap_pvt_tls_sb_ctx( ld->ld_sb );
+ if ( ssl ) {
+ struct berval authid = { 0, NULL };
+ ber_len_t fac;
+
+ fac = ldap_pvt_tls_get_strength( ssl );
+ /* failure is OK, we just can't use SASL EXTERNAL */
+ (void) ldap_pvt_tls_get_my_dn( ssl, &authid, NULL, 0 );
+
+ (void) ldap_int_sasl_external( ld, ld->ld_defconn, authid.bv_val, fac );
+ LDAP_FREE( authid.bv_val );
+ }
+
+ /* Check for local */
+ if ( ldap_pvt_url_scheme2proto( ld->ld_defconn->lconn_server->lud_scheme ) == LDAP_PROTO_IPC ) {
+ char authid[sizeof("uidNumber=4294967295+gidNumber=4294967295,"
+ "cn=peercred,cn=external,cn=auth")];
+ sprintf( authid, "uidNumber=%d+gidNumber=%d,"
+ "cn=peercred,cn=external,cn=auth",
+ (int) geteuid(), (int) getegid() );
+ (void) ldap_int_sasl_external( ld, ld->ld_defconn, authid, LDAP_PVT_SASL_LOCAL_SSF );