+
+ case AUTH_SASL:
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, ARGS,
+ "do_bind: bind to %s as %s via %s (SASL)\n",
+ ri->ri_hostname,
+ ri->ri_authcId ? ri->ri_authcId : "-",
+ ri->ri_saslmech );
+#else
+ Debug( LDAP_DEBUG_ARGS, "bind to %s as %s via %s (SASL)\n",
+ ri->ri_hostname,
+ ri->ri_authcId ? ri->ri_authcId : "-",
+ ri->ri_saslmech );
+#endif
+
+#ifdef HAVE_CYRUS_SASL
+ if( ri->ri_secprops != NULL ) {
+ int err;
+ err = ldap_set_option(ri->ri_ldp, LDAP_OPT_X_SASL_SECPROPS,
+ ri->ri_secprops);
+
+ if( err != LDAP_OPT_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, ERR, "do_bind: "
+ "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
+ ri->ri_hostname, ri->ri_secprops, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
+ ri->ri_hostname, ri->ri_secprops, NULL );
+#endif
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return BIND_ERR_SASL_FAILED;
+ }
+ }
+
+ {
+ char *passwd = ri->ri_password ? ber_strdup( ri->ri_password ) : NULL;
+ void *defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
+ ri->ri_realm, ri->ri_authcId, passwd, ri->ri_authzId );
+
+ ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
+ ri->ri_saslmech, NULL, NULL,
+ LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
+ if ( ldrc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, ERR, "do_bind: "
+ "Error: LDAP SASL for %s:%d failed: %s\n",
+ ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) );
+#else
+ Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
+ ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
+#endif
+ *lderr = ldrc;
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return( BIND_ERR_SASL_FAILED );
+ }
+
+ ber_memfree( passwd );
+ ber_memfree( defaults );
+ }
+ break;
+#else
+#ifdef NEW_LOGGING
+ LDAP_LOG ( OPERATION, ERR, "do_bind: "
+ "Error: do_bind: SASL not supported %s:%d\n",
+ ri->ri_hostname, ri->ri_port, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "Error: do_bind: SASL not supported %s:%d\n",
+ ri->ri_hostname, ri->ri_port, NULL );
+#endif
+ ldap_unbind( ri->ri_ldp );
+ ri->ri_ldp = NULL;
+ return( BIND_ERR_BAD_ATYPE );
+#endif
+