From e84a5156a99e8423522ef1f0b9cd0000e8e30446 Mon Sep 17 00:00:00 2001
From: Arthur de Jong
Date: Tue, 13 Nov 2012 20:03:59 +0000
Subject: to only set LDAP_OPT_X_SASL_NOCANON if the sasl_canonicalize option is explicitly set in the configuration file
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1824 ef36b2f9-881f-0410-afb5-c4e39611909c
---
 man/nslcd.conf.5.xml | 3 ++-
 nslcd/cfg.c | 2 +-
 nslcd/myldap.c | 7 +++++--
 pynslcd/cfg.py | 2 +-
 pynslcd/pynslcd.py | 3 ++-
 5 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index 717ece7..14aa923 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -289,7 +289,8 @@
 Determines whether the LDAP server host name should be canonicalised. If this is set to yes the LDAP library will do a reverse host name lookup.
- By default this extra lookup is performed.
+ By default, it is left up to the LDAP library
+ whether this check is performed or not.
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index d928440..ceab48c 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -112,7 +112,7 @@ static void cfg_defaults(struct ldap_config *cfg)
 cfg->ldc_sasl_authzid=NULL;
 cfg->ldc_sasl_secprops=NULL;
 #ifdef LDAP_OPT_X_SASL_NOCANON
- cfg->ldc_sasl_canonicalize=1;
+ cfg->ldc_sasl_canonicalize=-1;
 #endif /* LDAP_OPT_X_SASL_NOCANON */
 for (i=0;ildc_bases[i]=NULL;
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 048d878..afbb5e9 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
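Review bot: The new default `cfg->ldc_sasl_canonicalize=-1;` turns the field into a tri-state, which only works if `ldc_sasl_canonicalize` is declared as a signed integer; its declaration and the parser that fills it from `sasl_canonicalize yes/no` are not in this diff, so confirm the field is not `unsigned` or a bool-like type and that the parser always writes 0 or 1 rather than leaving -1 behind for a value it could not parse. The sentinel's meaning is not stated anywhere near the default, so I would comment it: `cfg->ldc_sasl_canonicalize=-1; /* -1: not set, leave canonicalisation to the LDAP library */`. Because the daemon no longer forces the option, the effective behaviour now falls back to libldap and whatever it reads from its own configuration, which administrators who relied on the previous always-canonicalise default should be told explicitly. The `for (i=0;ildc_bases[i]=NULL;` context line looks like a rendering artefact (a stripped `<...>` span) rather than a source defect. cfg_defaults continues outside this hunk.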
@@ -668,8 +668,11 @@ static int do_set_options(MYLDAP_SESSION *session)
 }
 #endif /* LDAP_OPT_X_TLS */
 #ifdef LDAP_OPT_X_SASL_NOCANON
- log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_NOCANON,%s)",nslcd_cfg->ldc_sasl_canonicalize?"LDAP_OPT_OFF":"LDAP_OPT_ON");
- LDAP_SET_OPTION(session->ld,LDAP_OPT_X_SASL_NOCANON,nslcd_cfg->ldc_sasl_canonicalize?LDAP_OPT_OFF:LDAP_OPT_ON);
+ if (nslcd_cfg->ldc_sasl_canonicalize>=0)
+ {
+ log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_NOCANON,%s)",nslcd_cfg->ldc_sasl_canonicalize?"LDAP_OPT_OFF":"LDAP_OPT_ON");
+ LDAP_SET_OPTION(session->ld,LDAP_OPT_X_SASL_NOCANON,nslcd_cfg->ldc_sasl_canonicalize?LDAP_OPT_OFF:LDAP_OPT_ON);
+ }
 #endif /* LDAP_OPT_X_SASL_NOCANON */
 /* if nothing above failed, everything should be fine */
 return LDAP_SUCCESS;
diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py
index 633a953..33feca1 100644
--- a/pynslcd/cfg.py
+++ b/pynslcd/cfg.py
@@ -52,7 +52,7 @@ sasl_realm = None
 sasl_authcid = None
 sasl_authzid = None
 sasl_secprops = None
-sasl_canonicalize = True
+sasl_canonicalize = None
 # LDAP bases to search
 bases = []
diff --git a/pynslcd/pynslcd.py b/pynslcd/pynslcd.py
index aba9b4b..177b627 100755
--- a/pynslcd/pynslcd.py
+++ b/pynslcd/pynslcd.py
@@ -248,7 +248,8 @@ def get_connection():
 session.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.timelimit)
 if cfg.referrals:
 session.set_option(ldap.OPT_REFERRALS, cfg.referrals)
- session.set_option(ldap.OPT_X_SASL_NOCANON, not cfg.sasl_canonicalize)
+ if cfg.sasl_canonicalize is not None:
+ session.set_option(ldap.OPT_X_SASL_NOCANON, not cfg.sasl_canonicalize)
 session.set_option(ldap.OPT_RESTART, True)
 # TODO: register a connection callback (like dis?connect_cb() in myldap.c)
 if cfg.ssl or cfg.uri.startswith('ldaps://'):
-- cgit v1.2.3
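Review bot: When `ldc_sasl_canonicalize` is left at its unset value the new `if (nslcd_cfg->ldc_sasl_canonicalize>=0)` skips the debug line together with the `ldap_set_option` call, so a debug trace no longer shows which canonicalisation behaviour a session ends up with, even though that decision drives which host name is used for the SASL/GSSAPI service principal. I would add `else log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_NOCANON) not set, using library default");` after the block so the trace stays complete. Note that the library default may itself be set by the client's ldap.conf (its SASL_NOCANON setting), so the effective value is no longer decided by nslcd.conf alone; the man page wording could say so. do_set_options starts outside this hunk and what LDAP_SET_OPTION does on failure is not visible here.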
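Review bot: `sasl_canonicalize = None` now carries three meanings (None: leave to the LDAP library; True/False: force the option on or off) but nothing at the definition says so, and a reader of cfg.py alone will take None for "disabled". I would document it in place: `sasl_canonicalize = None  # None: leave to the LDAP library; True/False: set OPT_X_SASL_NOCANON accordingly`. The code that parses this option from the configuration file is not in this diff.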
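Review bot: `not cfg.sasl_canonicalize` only yields the intended flag if the setting arrives as a bool; the parser that fills `cfg.sasl_canonicalize` from nslcd.conf is not in this diff, and if it stored the raw token then `not 'no'` is False and `sasl_canonicalize no` would silently keep reverse-DNS canonicalisation of the server name enabled instead of disabling it — confirm the parser converts yes/no to True/False before this line runs. The C side logs the chosen value at debug level while this branch logs nothing; if a logger is in scope in get_connection (not visible here), a matching `logging.debug('ldap_set_option(OPT_X_SASL_NOCANON,%s)', not cfg.sasl_canonicalize)` inside the new `if` would keep the two daemons' diagnostics aligned. get_connection starts and ends outside this hunk.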