Add localSSF slapd.conf(5) directive to set SSF associated
authorKurt Zeilenga <kurt@openldap.org>
Fri, 10 Sep 2004 22:35:24 +0000 (22:35 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Fri, 10 Sep 2004 22:35:24 +0000 (22:35 +0000)
with ldapi:// sessions.

doc/man/man5/slapd.conf.5
servers/slapd/config.c
servers/slapd/daemon.c
servers/slapd/proto-slap.h

index 7f1b4800af83fc492bd5bd2036bbeed35cadf57a..2580e14428f92f7471bbeea1ba10d5ed252cc38c 100644 (file)
@@ -512,6 +512,14 @@ continuing with the next line of the current file.
 .\"only go to stderr and are not recorded anywhere else. Specifying a logfile
 .\"copies messages to both stderr and the logfile.
 .TP
+.B localSSF <SSF>
+Specifies the Security Strength Factor (SSF) to be given local LDAP sessions,
+such as those to the ldapi:// listener.  For a description of SSF values,
+see 
+.BR sasl-secprops 's
+.B minssf
+property description.
+.TP
 .B loglevel <integer> [...]
 Specify the level at which debugging statements and operation 
 statistics should be syslogged (currently logged to the
index 787449c694445092629548d502b87eecad5df7d0..3d85794ce81498627b1beb002b3fc70306645bf7 100644 (file)
@@ -191,6 +191,28 @@ read_config( const char *fname, int depth )
                                return( 1 );
                        }
 
+               /* set local security factor */
+               } else if ( strcasecmp( cargv[0], "localSSF" ) == 0 ) {
+                       long ssf;
+                       if ( cargc < 2 ) {
+                               Debug( LDAP_DEBUG_ANY,
+                                  "%s: line %d: missing ssf in \"localSSF <ssf>\" line\n",
+                                   fname, lineno, 0 );
+                               return( 1 );
+                       }
+
+                       ssf = atol( cargv[1] );
+
+                       if( ssf < 0 ) {
+                               Debug( LDAP_DEBUG_ANY,
+                                       "%s: line %d: invalid ssf value (%ld) in "
+                                       "\"localSSF <ssf>\" line.\n",
+                                   fname, lineno, ssf );
+                               return( 1 );
+                       }
+
+                       local_ssf = ssf;
+
                /* set thread concurrency */
                } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
                        int c;
@@ -1134,7 +1156,6 @@ restrict_unknown:;
                                be->be_requires = requires;
                        }
 
-               /* required security factors */
                } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
                        slap_ssf_set_t *set;
 
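Review bot: In the first config.c hunk, `ssf = atol( cargv[1] );` accepts any text without error: a non-numeric or partially numeric value ("abc", "71x") parses as 0 or 71 and passes the `ssf < 0` check, so a mistyped `localSSF` line silently changes the SSF granted to every ldapi:// session instead of being rejected at startup. The value should be parsed with `strtol` and checked for an empty match, trailing garbage and ERANGE before it is stored, with the raw token echoed in the error message so the administrator can see what was rejected. The assignment `local_ssf = ssf;` also narrows from `long` to `slap_ssf_t`, whose width is not visible here; if that type is narrower than `long`, an upper-bound check against its maximum belongs in the same condition. `read_config` begins and ends outside the hunk, and `<errno.h>` must be included in config.c if it is not already.
```c
			/* set local security factor */
			} else if ( strcasecmp( cargv[0], "localSSF" ) == 0 ) {
				long ssf;
				char *end = NULL;
				/* … unchanged: cargc < 2 check … */
				errno = 0;
				ssf = strtol( cargv[1], &end, 10 );
				if ( end == cargv[1] || *end != '\0' || errno == ERANGE || ssf < 0 ) {
					Debug( LDAP_DEBUG_ANY,
						"%s: line %d: invalid ssf value (%s) in "
						"\"localSSF <ssf>\" line.\n",
						fname, lineno, cargv[1] );
					return( 1 );
				}
				local_ssf = ssf;
```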
index 02acfae17f5cd590b06bc33f5665c49315d3f39e..14bd39356e1422795e6d447df1183457738869a7 100644 (file)
@@ -66,6 +66,7 @@ int slap_inet4or6 = AF_INET;
 /* globals */
 time_t starttime;
 ber_socket_t dtblsize;
+slap_ssf_t local_ssf = LDAP_PVT_SASL_LOCAL_SSF;
 
 Listener **slap_listeners = NULL;
 
@@ -1467,7 +1468,7 @@ slapd_daemon_task(
                                }
 
                                sprintf( peername, "PATH=%s", from.sa_un_addr.sun_path );
-                               ssf = LDAP_PVT_SASL_LOCAL_SSF;
+                               ssf = local_ssf;
                                {
                                        uid_t uid;
                                        gid_t gid;
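Review bot: The new global `slap_ssf_t local_ssf = LDAP_PVT_SASL_LOCAL_SSF;` in the first daemon.c hunk has no comment saying what it controls or where it is written, which matters because a later reader sees only `ssf = local_ssf;` in slapd_daemon_task and has to search config.c to learn that a configuration directive overrides the compiled-in default; a comment such as `/* SSF granted to ldapi:// (AF_LOCAL) sessions; default LDAP_PVT_SASL_LOCAL_SSF, overridden by the localSSF directive in config.c */` would close that gap, and the matching `LDAP_SLAPD_V (slap_ssf_t) local_ssf;` in proto-slap.h could carry the same one-liner. The variable is read in the listener loop without any synchronization, which is presumably fine only because the configuration is fully parsed before slapd_daemon_task starts; worth stating in the comment so that nobody later makes the directive runtime-modifiable without revisiting this. slapd_daemon_task begins and ends outside the hunk.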
index 988952ba50550ac3ec3adce3f35f1edad2225167..f6e78692bc8ca09e63747b571bb4f6dfd9deb08d 100644 (file)
@@ -468,6 +468,7 @@ LDAP_SLAPD_F (void) slapd_clr_read LDAP_P((ber_socket_t s, int wake));
 LDAP_SLAPD_V (volatile sig_atomic_t) slapd_abrupt_shutdown;
 LDAP_SLAPD_V (volatile sig_atomic_t) slapd_shutdown;
 LDAP_SLAPD_V (int) slapd_register_slp;
+LDAP_SLAPD_V (slap_ssf_t) local_ssf;
 
 /*
  * dn.c