Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory
cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12778/ldapserver/ldap/servers/plugins/replication
Modified Files:
repl5_agmt.c
Log Message:
Resolves: bug 479254
Bug Description: Configuring Replication Server to Server GSSAPI over TLS - attempts
replication and can't stop servers
Reviewed by: nhosoi (Thanks!)
Fix Description: The agreement add code did not check the transport and bind method for
compatability.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Index: repl5_agmt.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_agmt.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- repl5_agmt.c 5 Dec 2008 22:41:51 -0000 1.16
+++ repl5_agmt.c 16 Mar 2009 16:29:45 -0000 1.17
@@ -207,6 +207,20 @@
"is malformed: invalid pausetime %ld.\n", slapi_sdn_get_dn(ra->dn),
ra->pausetime);
return_value = 0;
}
+ if ((0 != ra->transport_flags) && (BINDMETHOD_SASL_GSSAPI ==
ra->bindmethod)) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Replication agreement
\"%s\" "
+ " is malformed: cannot use SASL/GSSAPI if using SSL or TLS - please "
+ "change %s to LDAP before changing %s to use SASL/GSSAPI\n",
+ slapi_sdn_get_dn(ra->dn), type_nsds5TransportInfo,
type_nsds5ReplicaBindMethod);
+ return_value = 0;
+ }
+ if ((0 == ra->transport_flags) && (BINDMETHOD_SSL_CLIENTAUTH ==
ra->bindmethod)) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Replication agreement
\"%s\" "
+ " is malformed: cannot use SSLCLIENTAUTH if using plain LDAP - please "
+ "change %s to SSL or TLS before changing %s to use SSLCLIENTAUTH\n",
+ slapi_sdn_get_dn(ra->dn), type_nsds5TransportInfo,
type_nsds5ReplicaBindMethod);
+ return_value = 0;
+ }
return return_value;
}
Show replies by date