From 102f12a71a21f1a032b3d9a88c993a3d3f406488 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Date: Mon, 28 Aug 2000 23:29:29 +0000
Subject: [PATCH] Restrict bind
---
 servers/slapd/bind.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index e825eeb850..d65bd9c223 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -346,6 +346,33 @@ do_bind(
 goto cleanup;
 }
 
+ if( op->o_ssf < be->be_ssf_set.sss_ssf ) {
+ text = "confidentiality required";
+ rc = LDAP_CONFIDENTIALITY_REQUIRED;
+
+ } else if( op->o_transport_ssf < be->be_ssf_set.sss_transport ) {
+ text = "transport confidentiality required";
+ rc = LDAP_CONFIDENTIALITY_REQUIRED;
+
+ } else if( op->o_tls_ssf < be->be_ssf_set.sss_tls ) {
+ text = "TLS confidentiality required";
+ rc = LDAP_CONFIDENTIALITY_REQUIRED;
+
+ } else if( op->o_sasl_ssf < be->be_ssf_set.sss_sasl ) {
+ text = "SASL confidentiality required";
+ rc = LDAP_CONFIDENTIALITY_REQUIRED;
+
+ } else if( be->be_restrictops & SLAP_RESTRICT_OP_BIND ) {
+ text = "bind operation restricted";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ }
+
+ if( rc != LDAP_SUCCESS ) {
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+ goto cleanup;
+ }
+
 conn->c_authz_backend = be;
 
 if ( be->be_bind ) {
-- 
2.39.5
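Review bot: The `if( rc != LDAP_SUCCESS )` test after the new SSF chain only behaves as intended if `rc` still holds LDAP_SUCCESS from code above the hunk, and `text` is assigned only in the failing branches; nothing visible here establishes either, so a stale `rc` would send a result carrying whatever `text` happens to contain. Because this is the gate that enforces the backend's minimum security strength and the bind restriction, it should be self-contained: if `rc` is meant to be LDAP_SUCCESS at this point, add `rc = LDAP_SUCCESS; text = NULL;` immediately before `if( op->o_ssf < be->be_ssf_set.sss_ssf )`. A short comment above the chain, such as `/* refuse the bind when the connection's SSF is below the backend's configured minimum */`, would also tell a reader why four near-identical comparisons sit here. do_bind starts and ends outside the hunk, so whether bind paths that complete earlier in the function skip this check cannot be judged from these lines.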