I wrote a Perl script to test this. It opens an LDAP connection and binds to
the directory. It forks a child that runs a search then sleeps for a while.
The parent sleeps to allow the child search to complete, then forks a second
child that runs the same search and then sleeps for a while. If I set up the
LDAP connection unencrypted, the script runs fine. If I set up the LDAP
connection encrypted, the second search gets an I/O error.
I think a reasonable workaround is if Exim caches the PID along with the other
connection information for encrypted connections and then uses the encrypted
connection only with that PID. Does anyone have a better idea?
Looking at the source code I don't see an easy way to determine whether a
connection is encrypted since LDAP_OPT_X_TLS_TRY seems to be the default. Is
there an easy way to determine this? Does TRY actually mean don't bother
encrypting?
Thanks,
John
