directives be used instead.
.RE
.TP
+.B disallow <features>
+Specify a set of features (separated by white space) to disallow.
+.B bind_v2
+disables acceptance of LDAPv2 bind requests.
+.B bind_anon
+disables acceptance of anonymous bind requests.
+.B bind_anon_cred
+disables anonymous bind creditials are not empty (e.g. when
+DN is empty).
+.B bind_anon_dn
+disables anonymous bind when DN is not empty.
+.TP
.B idletimeout <integer>
Specify the number of seconds to wait before forcibly closing
an idle client connections. A idletimeout of 0 disables this
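Review bot: the bind_anon_cred entry in this hunk is not a complete sentence and misspells "credentials" ("disables anonymous bind creditials are not empty"); something like "disables anonymous bind when credentials are not empty (e.g. when DN is empty)" would read correctly. The four .B keywords also follow each other with no paragraph or indent macro between them, so they will render as one run-on paragraph under disallow; putting them in an .RS/.RE block with one entry per paragraph would keep each keyword next to its description. Since these options decide whether anonymous and LDAPv2 binds are accepted, it is worth stating what the default is when disallow is not given.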
cannot find a local database to handle a request.
If specified multiple times, each url is provided.
.TP
+.B require <conditions>
+Specify a set of conditions (separated by white space) to require.
+The directive may be specified globally and/or per-database.
+.B bind
+requires bind operation prior to directory operations.
+.B LDAPv3
+requires session to be using LDAP version 3.
+.B authc
+requires authentication prior to directory operations.
+.B SASL
+requires SASL authentication prior to directory operations.
+.B strong
+requires strong authentication prior to directory operations.
+Currently
+.B SASL
+and
+.B strong
+conditions are currently same.
+.B none
+may be used to require no conditions (useful for clearly globally
+set conditions within a particular database).
+.TP
.B sasl-realm <string>
Used to specify Cyrus SASL realm.
.TP
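Review bot: the require text needs a wording pass. "Currently ... conditions are currently same" repeats itself, and "useful for clearly globally set conditions" looks like it should read "clearing". The entry says the directive may be given globally and/or per-database, but only the none keyword hints at how the two interact; please state whether a per-database require replaces the global set or adds to it, because an administrator who assumes the wrong one ends up with weaker requirements on that database than intended. As with disallow, the keyword list has no paragraph separation and will run together when rendered.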
if( op->o_authmech == NULL ||
op->o_dn == NULL || *op->o_dn == '\0' )
{
- *text = "SASL authentication required";
+ *text = "strong authentication required";
return LDAP_STRONG_AUTH_REQUIRED;
}
}
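Review bot: the reworded *text sits under a test that still checks op->o_authmech == NULL and an empty op->o_dn, so this branch now reports "strong authentication required" for exactly the condition the old message called a SASL requirement. That matches the LDAP_STRONG_AUTH_REQUIRED return code, but if both the SASL and the strong conditions end up in this branch, a short comment saying so would help the next reader, since the message no longer tells the client which kind of bind is expected.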
conn->c_dn = edn;
conn->c_authmech = mech;
if( ssf ) conn->c_sasl_layers++;
+ conn->c_sasl_ssf = ssf;
+ if( ssf > conn->c_ssf ) {
+ conn->c_ssf = ssf;
+ }
ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
} else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
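Review bot: in the added lines conn->c_ssf is only ever raised ("if( ssf > conn->c_ssf )"), while conn->c_sasl_ssf is overwritten on every successful bind. If a connection binds again with a lower or zero ssf, c_sasl_ssf drops but c_ssf keeps the earlier, higher value, and any later check against c_ssf would see a strength the current SASL layer no longer provides. If c_ssf is meant to be the maximum over several layers, please say so in a comment and recompute it from its components here rather than ratcheting it; otherwise assign it directly. The update being inside the c_mutex section is good.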