+ /* save bind creds for referral rebinds? */
+ } else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
+ if ( argc > 2 ) {
+ fprintf( stderr,
+ "%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ if ( argc == 1 ) {
+ fprintf( stderr,
+ "%s: line %d: deprecated use of \"rebind-as-user {NO|yes}\" with no arguments.\n",
+ fname, lineno );
+ mi->flags |= LDAP_BACK_F_SAVECRED;
+
+ } else {
+ if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ mi->flags &= ~LDAP_BACK_F_SAVECRED;
+
+ } else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ mi->flags |= LDAP_BACK_F_SAVECRED;
+
+ } else {
+ fprintf( stderr,
+ "%s: line %d: \"rebind-as-user {NO|yes}\" unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
+ : &mi->flags;
+
+ if ( argc != 2 ) {
+ fprintf( stderr,
+ "%s: line %d: \"chase-referrals\" needs 1 argument.\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ /* this is the default; we add it because the default might change... */
+ if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ *flagsp |= LDAP_BACK_F_CHASE_REFERRALS;
+
+ } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ *flagsp &= ~LDAP_BACK_F_CHASE_REFERRALS;
+
+ } else {
+ fprintf( stderr,
+ "%s: line %d: \"chase-referrals {YES|no}\": unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
+ : &mi->flags;
+
+ if ( argc != 2 ) {
+ fprintf( stderr,
+ "%s: line %d: \"tls <what>\" needs 1 argument.\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ /* start */
+ if ( strcasecmp( argv[ 1 ], "start" ) == 0 ) {
+ *flagsp |= ( LDAP_BACK_F_USE_TLS | LDAP_BACK_F_TLS_CRITICAL );
+
+ /* try start tls */
+ } else if ( strcasecmp( argv[ 1 ], "try-start" ) == 0 ) {
+ *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
+ *flagsp |= LDAP_BACK_F_USE_TLS;
+
+ /* propagate start tls */
+ } else if ( strcasecmp( argv[ 1 ], "propagate" ) == 0 ) {
+ *flagsp |= ( LDAP_BACK_F_PROPAGATE_TLS | LDAP_BACK_F_TLS_CRITICAL );
+
+ /* try start tls */
+ } else if ( strcasecmp( argv[ 1 ], "try-propagate" ) == 0 ) {
+ *flagsp &= ~LDAP_BACK_F_TLS_CRITICAL;
+ *flagsp |= LDAP_BACK_F_PROPAGATE_TLS;
+
+ } else {
+ fprintf( stderr,
+ "%s: line %d: \"tls <what>\": unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ } else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
+ : &mi->flags;
+
+ if ( argc != 2 ) {
+ fprintf( stderr,
+ "%s: line %d: \"t-f-support {NO|yes|discover}\" needs 1 argument.\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+ *flagsp &= ~(LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER);
+
+ } else if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+ *flagsp |= LDAP_BACK_F_SUPPORT_T_F;
+
+ } else if ( strcasecmp( argv[ 1 ], "discover" ) == 0 ) {
+ *flagsp |= LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
+
+ } else {
+ fprintf( stderr,
+ "%s: line %d: unknown value \"%s\" for \"t-f-support {no|yes|discover}\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+
+ /* onerr? */
+ } else if ( strcasecmp( argv[ 0 ], "onerr" ) == 0 ) {
+ if ( argc != 2 ) {
+ fprintf( stderr,
+ "%s: line %d: \"onerr {CONTINUE|stop}\" takes 1 argument\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
+ mi->flags &= ~META_BACK_F_ONERR_STOP;
+
+ } else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
+ mi->flags |= META_BACK_F_ONERR_STOP;
+
+ } else {
+ fprintf( stderr,
+ "%s: line %d: \"onerr {CONTINUE|stop}\": invalid arg \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+ }
+