/* $OpenLDAP$ */
/*
- * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
/* ldapmodrdn.c - generic program to modify an entry's RDN using LDAP.
#include <ac/string.h>
#include <ac/unistd.h>
-#include <lber.h>
#include <ldap.h>
static char *binddn = NULL;
-static char *passwd = NULL;
+static struct berval passwd = { 0, NULL};
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
" -W\t\tprompt for bind passwd\n"
" -X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
" -Y mech\t\tSASL mechanism\n"
-" -Z\t\trequest the use of TLS (-ZZ to make it critical)\n"
+" -Z\t\tissue Start TLS request (-ZZ to require successful response)\n"
, s );
exit( EXIT_FAILURE );
version = LDAP_VERSION3; /* This option => force V3 */
break;
case 'w': /* password */
- passwd = strdup( optarg );
+ passwd.bv_val = strdup( optarg );
{
char* p;
*p = '*';
}
}
+ passwd.bv_len = strlen( passwd.bv_val );
break;
case 'd':
debug |= atoi( optarg );
if ( ( authmethod == LDAP_AUTH_KRBV4 ) || ( authmethod ==
LDAP_AUTH_KRBV41 ) ) {
- if( version != LDAP_VERSION2 ) {
+ if( version > LDAP_VERSION2 ) {
fprintf( stderr, "Kerberos requires LDAPv2\n" );
return( EXIT_FAILURE );
}
+ version = LDAP_VERSION2;
}
else if ( authmethod == LDAP_AUTH_SASL ) {
- if( version != LDAP_VERSION3 ) {
+ if( version != -1 && version != LDAP_VERSION3 ) {
fprintf( stderr, "SASL requires LDAPv3\n" );
return( EXIT_FAILURE );
}
+ version = LDAP_VERSION3;
}
if( manageDSAit ) {
- if( version != LDAP_VERSION3 ) {
+ if( version != -1 && version != LDAP_VERSION3 ) {
fprintf(stderr, "manage DSA control requires LDAPv3\n");
return EXIT_FAILURE;
}
+ version = LDAP_VERSION3;
+ }
+
+ if( use_tls ) {
+ if( version != -1 && version != LDAP_VERSION3 ) {
+ fprintf(stderr, "Start TLS requires LDAPv3\n");
+ return EXIT_FAILURE;
+ }
+ version = LDAP_VERSION3;
}
if (newSuperior != NULL) {
usage( argv[0] );
return( EXIT_FAILURE );
}
+ version = LDAP_VERSION3;
}
havedn = 0;
fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", version );
}
- if ( use_tls && ldap_start_tls( ld, NULL, NULL ) != LDAP_SUCCESS ) {
+ if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
if ( use_tls > 1 ) {
ldap_perror( ld, "ldap_start_tls" );
return( EXIT_FAILURE );
}
}
- if (want_bindpw)
- passwd = getpass("Enter LDAP Password: ");
+ if (want_bindpw) {
+ passwd.bv_val = getpassphrase("Enter LDAP Password: ");
+ passwd.bv_len = passwd.bv_val ? strlen( passwd.bv_val ) : 0;
+ }
if ( authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
return( EXIT_FAILURE );
}
- if ( ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
- sasl_authz_id, sasl_mech, NULL, NULL, NULL )
- != LDAP_SUCCESS ) {
- ldap_perror( ld, "ldap_sasl_bind" );
+ rc = ldap_negotiated_sasl_bind_s( ld, binddn, sasl_authc_id,
+ sasl_authz_id, sasl_mech,
+ passwd.bv_len ? &passwd : NULL,
+ NULL, NULL );
+
+ if( rc != LDAP_SUCCESS ) {
+ ldap_perror( ld, "ldap_negotiated_sasl_bind_s" );
return( EXIT_FAILURE );
}
#else
#endif
}
else {
- if ( ldap_bind_s( ld, binddn, passwd, authmethod )
+ if ( ldap_bind_s( ld, binddn, passwd.bv_val, authmethod )
!= LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
return( EXIT_FAILURE );