Resolves: bug 479077

Bug Description: Server to Server SASL/DIGEST-MD5 not Supported over SSL/TLS
Reviewed by: nkinder (Thanks!)
Fix Description: If using TLS/SSL, we don't need to use a sasl security layer, so just set the maxssf to 0.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no

ldap/servers/slapd/util.c

@@ -1257,6 +1257,10 @@ slapi_ldap_bind(
 	    }
 	}
     } else {
+	/* a SASL mech - set the sasl ssf to 0 if using TLS/SSL */
+	if (secure) {
+	    ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, "maxssf=0");
+	}
 	rc = slapd_ldap_sasl_interactive_bind(ld, bindid, creds, mech,
 					      serverctrls, returnedctrls,
 					      msgidp);