For LDAP_PROTO_IPC set the SASL EXTERNAL authid to allow the mech to be

used by the client side. Please review.

diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index 8030790a942a9d3d5d26b768553376227b3c4740..1d2a7d62c62d17d91468b49cb4508fb29c58e0b8 100644 (file)
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -353,6 +353,15 @@ ldap_int_open_connection(
                ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );
                LDAP_FREE( sasl_host );
        }
+       /* sasl_ssf is set redundantly. Should probably remove it from
+        * the ldap_int_sasl_open call since the TLS ssf isn't known
+        * yet anyway.
+        */
+       if( proto == LDAP_PROTO_IPC ) {
+               char authid[64];
+               sprintf( authid, "uid=%d+gid=%d", geteuid(), getegid() );
+               ldap_int_sasl_external( ld, conn, authid, sasl_ssf );
+       }
 #endif
 
 #ifdef HAVE_TLS