I needed to use ldaps:// URLs in LDAP queries since I needed to bind
as a specific user and I didn't want to enable non-anonymous binds
over non-secure connections in my LDAP server. It's very specific to
OpenLDAP 2.0.x since I don't have access to other LDAP libraries.
The patch is against v3.30.
Jeff
--- exim-3.30/src/lookups/ldap.c.ldaps Mon Jun 18 06:03:25 2001
+++ exim-3.30/src/lookups/ldap.c Mon Jun 25 14:20:46 2001
@@ -132,6 +132,9 @@
LDAPMessage *result;
BerElement *ber;
LDAP_CONNECTION *lcp;
+#ifdef LDAP_OPT_X_TLS
+int tls_option;
+#endif
struct timeval timeout;
struct timeval *timeoutptr = NULL;
@@ -219,15 +222,23 @@
if (lcp == NULL)
{
- LDAP *ld = ldap_open(host, (port != 0)? port : LDAP_PORT);
+ LDAP *ld = ldap_init(host, (port != 0)? port : LDAP_PORT);
if (ld == NULL)
{
- *errmsg = string_sprintf("failed to open connection to LDAP server %s:%d "
+ *errmsg = string_sprintf("failed to initialize connection with LDAP server %s:%d "
"- %s", host, port, strerror(errno));
goto RETURN_ERROR;
}
- DEBUG(9) debug_printf("Opened connection to LDAP server %s:%d\n", host, port);
+ DEBUG(9) debug_printf("Initialized connection with LDAP server %s:%d\n", host, port);
+
+#ifdef LDAP_OPT_X_TLS
+ if(strncmp(ludp->lud_scheme, "ldaps", 5) == 0)
+ tls_option = LDAP_OPT_X_TLS_HARD;
+ else
+ tls_option = LDAP_OPT_X_TLS_TRY;
+ ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option);
+#endif
lcp = store_malloc(sizeof(LDAP_CONNECTION));
lcp->host = (host == NULL)? NULL : string_copy_malloc(host);
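Review bot: The result of `ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option);` is discarded, so if the library cannot honour `LDAP_OPT_X_TLS_HARD` (TLS not compiled in, option rejected) execution falls through to the credentialed bind over exactly the plaintext connection this patch was written to avoid; an ldaps:// URL should fail the lookup here instead of silently degrading. The scheme check also lives entirely inside `#ifdef LDAP_OPT_X_TLS`, so a build against a library without that option still accepts `ldaps://` (the parser change later in this patch lets it through) and connects in the clear — the `#else` branch should reject the scheme with an error. Separately, `ldap_init` defers the actual connect, so the `strerror(errno)` in the new "failed to initialize" message is unlikely to be meaningful on that path — presumably errno is stale there; worth confirming against the 2.0.x library. The enclosing function begins before and continues after this hunk; since `ld` is already allocated when the new failure path is taken, release it before jumping to the existing RETURN_ERROR label.
```c
#ifdef LDAP_OPT_X_TLS
  if (strncmp(ludp->lud_scheme, "ldaps", 5) == 0)
    tls_option = LDAP_OPT_X_TLS_HARD;
  else
    tls_option = LDAP_OPT_X_TLS_TRY;
  if (ldap_set_option(ld, LDAP_OPT_X_TLS, (void *)&tls_option) != LDAP_OPT_SUCCESS)
    {
    *errmsg = string_sprintf("failed to request TLS for LDAP server %s:%d",
      host, port);
    ldap_unbind(ld);   /* handle was allocated by ldap_init above */
    goto RETURN_ERROR;
    }
#else
  /* No TLS support in this LDAP library: never let an ldaps:// URL
  degrade to a cleartext bind. */
  if (strncmp(ludp->lud_scheme, "ldaps", 5) == 0)
    {
    *errmsg = string_sprintf("ldaps:// requested for LDAP server %s:%d "
      "but this LDAP library has no TLS support", host, port);
    ldap_unbind(ld);
    goto RETURN_ERROR;
    }
#endif
  /* … unchanged: lcp = store_malloc(...) and connection caching … */
```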
@@ -579,7 +590,7 @@
that are recognized. They are of the form NAME=VALUE, with the value being
optionally double-quoted. There must still be a space after it, however. */
-while (strncmp(url, "ldap://", 7) != 0)
+ while ((strncmp(url, "ldap://", 7) != 0) && (strncmp(url, "ldaps://", 8) != 0))
{
char *name = url;
while (*url != 0 && *url != '=') url++;
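Review bot: The rewritten loop header on the `+` line gains a leading space that the removed `while (strncmp(url, "ldap://", 7) != 0)` did not have, so it no longer lines up with the surrounding code, which sits at column 0 at this level; the redundant parentheses around each `strncmp` comparison are also unusual for this file. Suggested: `while (strncmp(url, "ldap://", 7) != 0 && strncmp(url, "ldaps://", 8) != 0)`. The scheme match stays case-sensitive, as the original `ldap://` check was, so `LDAPS://` is still treated as a NAME=VALUE option rather than a URL — presumably intended, but worth a comment if so. The loop body continues past the end of this hunk.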