[Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication repl5_agmt.c, 1.16, 1.17

[Richard Allen Megginson]

Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12778/ldapserver/ldap/servers/plugins/replication

Modified Files:
	repl5_agmt.c 
Log Message:
Resolves: bug 479254
Bug Description: Configuring Replication Server to Server GSSAPI over TLS - attempts replication and can't stop servers
Reviewed by: nhosoi (Thanks!)
Fix Description: The agreement add code did not check the transport and bind method for compatability.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no



Index: repl5_agmt.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_agmt.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- repl5_agmt.c	5 Dec 2008 22:41:51 -0000	1.16
+++ repl5_agmt.c	16 Mar 2009 16:29:45 -0000	1.17
@@ -207,6 +207,20 @@
 			"is malformed: invalid pausetime %ld.\n", slapi_sdn_get_dn(ra->dn), ra->pausetime);
 		return_value = 0;
 	}
+	if ((0 != ra->transport_flags) && (BINDMETHOD_SASL_GSSAPI == ra->bindmethod)) {
+		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Replication agreement \"%s\" "
+						" is malformed: cannot use SASL/GSSAPI if using SSL or TLS - please "
+						"change %s to LDAP before changing %s to use SASL/GSSAPI\n",
+						slapi_sdn_get_dn(ra->dn), type_nsds5TransportInfo, type_nsds5ReplicaBindMethod);
+		return_value = 0;
+	}
+	if ((0 == ra->transport_flags) && (BINDMETHOD_SSL_CLIENTAUTH == ra->bindmethod)) {
+		slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Replication agreement \"%s\" "
+						" is malformed: cannot use SSLCLIENTAUTH if using plain LDAP - please "
+						"change %s to SSL or TLS before changing %s to use SSLCLIENTAUTH\n",
+						slapi_sdn_get_dn(ra->dn), type_nsds5TransportInfo, type_nsds5ReplicaBindMethod);
+		return_value = 0;
+	}
 	return return_value;
 }