e3aac66 Ticket 395 - RFE: 389-ds shouldn't advertise in the rootDSE that we can handle a sasl mech if we really can't

Authored and Committed by mreynolds 8 years ago
    Ticket 395 - RFE: 389-ds shouldn't advertise in the rootDSE that we can handle a sasl mech if we really can't
    
    Bug Description:  The root DSE lists all the mechanisms the SASL library can handle (sasl_listmech), but that's
                      not necessarily what the server/co-products can support (e.g. communicating with IPA).
    
    Fix Description:  Added new config setting to specifiy the SASL mechanisms that are allowed.  If none are specified,
                      than all are allowed.  This setting now impacts the SASL callback SASL_CB_GETOPT(ids_sasl_getopt), so
                      it applies to all SASL operations.  So, the root DSE information is correct, and you can now control
                      what mechanisms the server actually allows.
    
    https://fedorahosted.org/389/ticket/395
    
    Reviewed by: richm(Thanks!)
    
        
file modified
+36 -0
file modified
+2 -0