X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fconfig.c;h=7b5cb291f134f8768501112831a71a001dc7e5f2;hb=22e5e49f267add520e92baa7abe683c9a58bbdf7;hp=bfa8adc13841ec1a065f921a73d4c117ff0d6e92;hpb=32048a5128de3cd7b56bf60df14280494f3ab04d;p=openldap
diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index bfa8adc138..7b5cb291f1 100644
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -2,7 +2,7 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
- * Copyright 2003-2009 The OpenLDAP Foundation.
+ * Copyright 2003-2010 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
@@ -863,6 +863,12 @@ slap_idassert_parse( ConfigArgs *c, slap_idassert_t *si )
si->si_flags |= LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND;
}
+ } else if ( strcasecmp( flags[ j ], "proxy-authz-critical" ) == 0 ) {
+ si->si_flags |= LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL;
+
+ } else if ( strcasecmp( flags[ j ], "proxy-authz-non-critical" ) == 0 ) {
+ si->si_flags &= ~LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL;
+
} else {
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"\"idassert-bind \": "
@@ -1137,7 +1143,7 @@ ldap_back_cf_gen( ConfigArgs *c )
(void)lutil_strcopy( ptr, "authz=native" );
}
- len = bv.bv_len + STRLENOF( "flags=non-prescriptive,override,obsolete-encoding-workaround" );
+ len = bv.bv_len + STRLENOF( "flags=non-prescriptive,override,obsolete-encoding-workaround,proxy-authz-non-critical" );
/* flags */
if ( !BER_BVISEMPTY( &bv ) ) {
len += STRLENOF( " " );
@@ -1170,6 +1176,13 @@ ldap_back_cf_gen( ConfigArgs *c )
ptr = lutil_strcopy( ptr, ",obsolete-encoding-workaround" );
}
+ if ( li->li_idassert_flags & LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL ) {
+ ptr = lutil_strcopy( ptr, ",proxy-authz-critical" );
+
+ } else {
+ ptr = lutil_strcopy( ptr, ",proxy-authz-non-critical" );
+ }
+
bv.bv_len = ( ptr - bv.bv_val );
/* end-of-flags */
}
@@ -1452,6 +1465,7 @@ ldap_back_cf_gen( ConfigArgs *c )
case LDAP_BACK_CFG_IDASSERT_BIND:
bindconf_free( &li->li_idassert.si_bc );
+ memset( &li->li_idassert, 0, sizeof( slap_idassert_t ) );
break;
case LDAP_BACK_CFG_REBIND: