authorArthur de Jong <arthur@arthurdejong.org>2012-11-13 21:03:59 +0100
committerArthur de Jong <arthur@arthurdejong.org>2012-11-13 21:03:59 +0100
commite84a5156a99e8423522ef1f0b9cd0000e8e30446 (patch)
tree218eab601ab1868889ba62263816e5e18713cb2a
parent702105695b26a12d47203fbacb4fc8057858a8b3 (diff)
to only set LDAP_OPT_X_SASL_NOCANON if the sasl_canonicalize option is explicitly set in the configuration file
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1824 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r--man/nslcd.conf.5.xml3
-rw-r--r--nslcd/cfg.c2
-rw-r--r--nslcd/myldap.c7
-rw-r--r--pynslcd/cfg.py2
-rwxr-xr-xpynslcd/pynslcd.py3
5 files changed, 11 insertions, 6 deletions
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index 717ece7..14aa923 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -289,7 +289,8 @@
Determines whether the <acronym>LDAP</acronym> server host name should
be canonicalised. If this is set to yes the <acronym>LDAP</acronym>
library will do a reverse host name lookup.
- By default this extra lookup is performed.
+ By default, it is left up to the <acronym>LDAP</acronym> library
+ whether this check is performed or not.
</para>
</listitem>
</varlistentry>
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index d928440..ceab48c 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -112,7 +112,7 @@ static void cfg_defaults(struct ldap_config *cfg)
cfg->ldc_sasl_authzid=NULL;
cfg->ldc_sasl_secprops=NULL;
#ifdef LDAP_OPT_X_SASL_NOCANON
- cfg->ldc_sasl_canonicalize=1;
+ cfg->ldc_sasl_canonicalize=-1;
#endif /* LDAP_OPT_X_SASL_NOCANON */
for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++)
cfg->ldc_bases[i]=NULL;
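Review bot: The new default `-1` in cfg_defaults is an unexplained sentinel: the field now has three states (unset, off, on) and nothing at the assignment says so. I would add a comment such as `/* -1 = not set in nslcd.conf: leave LDAP_OPT_X_SASL_NOCANON to the LDAP library default */`, and the same applies to the `sasl_canonicalize = None` default in pynslcd/cfg.py. The declaration of ldc_sasl_canonicalize is not visible here; the `>=0` test in nslcd/myldap.c only works if it is a signed type, which is worth confirming. cfg_defaults continues outside the hunk.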
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 048d878..afbb5e9 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -668,8 +668,11 @@ static int do_set_options(MYLDAP_SESSION *session)
}
#endif /* LDAP_OPT_X_TLS */
#ifdef LDAP_OPT_X_SASL_NOCANON
- log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_NOCANON,%s)",nslcd_cfg->ldc_sasl_canonicalize?"LDAP_OPT_OFF":"LDAP_OPT_ON");
- LDAP_SET_OPTION(session->ld,LDAP_OPT_X_SASL_NOCANON,nslcd_cfg->ldc_sasl_canonicalize?LDAP_OPT_OFF:LDAP_OPT_ON);
+ if (nslcd_cfg->ldc_sasl_canonicalize>=0)
+ {
+ log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_NOCANON,%s)",nslcd_cfg->ldc_sasl_canonicalize?"LDAP_OPT_OFF":"LDAP_OPT_ON");
+ LDAP_SET_OPTION(session->ld,LDAP_OPT_X_SASL_NOCANON,nslcd_cfg->ldc_sasl_canonicalize?LDAP_OPT_OFF:LDAP_OPT_ON);
+ }
#endif /* LDAP_OPT_X_SASL_NOCANON */
/* if nothing above failed, everything should be fine */
return LDAP_SUCCESS;
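Review bot: When sasl_canonicalize is unset, do_set_options now emits no debug line at all, so the log no longer shows whether host name canonicalisation (the reverse lookup the man page describes) is in effect for the session. Since the behaviour then depends on the LDAP library's own configuration, an else branch with `log_log(LOG_DEBUG,"LDAP_OPT_X_SASL_NOCANON not set, using LDAP library default");` would make that visible when diagnosing SASL authentication problems. Deployments that need a fixed behaviour should set sasl_canonicalize explicitly in nslcd.conf. do_set_options starts before this hunk.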
diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py
index 633a953..33feca1 100644
--- a/pynslcd/cfg.py
+++ b/pynslcd/cfg.py
@@ -52,7 +52,7 @@ sasl_realm = None
sasl_authcid = None
sasl_authzid = None
sasl_secprops = None
-sasl_canonicalize = True
+sasl_canonicalize = None
# LDAP bases to search
bases = []
diff --git a/pynslcd/pynslcd.py b/pynslcd/pynslcd.py
index aba9b4b..177b627 100755
--- a/pynslcd/pynslcd.py
+++ b/pynslcd/pynslcd.py
@@ -248,7 +248,8 @@ def get_connection():
session.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.timelimit)
if cfg.referrals:
session.set_option(ldap.OPT_REFERRALS, cfg.referrals)
- session.set_option(ldap.OPT_X_SASL_NOCANON, not cfg.sasl_canonicalize)
+ if cfg.sasl_canonicalize is not None:
+ session.set_option(ldap.OPT_X_SASL_NOCANON, not cfg.sasl_canonicalize)
session.set_option(ldap.OPT_RESTART, True)
# TODO: register a connection callback (like dis?connect_cb() in myldap.c)
if cfg.ssl or cfg.uri.startswith('ldaps://'):
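Review bot: `ldap.OPT_X_SASL_NOCANON` is referenced in get_connection without any availability check, whereas the C code wraps the same option in `#ifdef LDAP_OPT_X_SASL_NOCANON`. With the new `is not None` guard the attribute is only touched when sasl_canonicalize is configured, so on a python-ldap build that lacks the constant (if such builds are in scope) the failure would surface as an AttributeError at connection time rather than when the configuration is read. Rejecting the option at config-parse time with a clear message would be preferable to either that or silently ignoring a setting the administrator asked for. get_connection starts and ends outside the hunk.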