/* Define if your LDAP Supports URLs. (OpenLDAP does) */
#define HAVE_LDAP_INITIALIZE
+/* Define if your LDAP Supports start_tls_s. (OpenLDAP does) */
+#define HAVE_LDAP_START_TLS_S
+
/* Define to 1 if you have the `lockf' function. */
#undef HAVE_LOCKF
char *binddn;
char *bindpw;
char *base;
+ char *ssl;
int debug;
} ldap_conf;
* if else if else if else if else ... */
MATCH_S("host", ldap_conf.host)
else MATCH_I("port", ldap_conf.port)
+ else MATCH_S("ssl", ldap_conf.ssl)
else MATCH_I("ldap_version", ldap_conf.version)
else MATCH_S("uri", ldap_conf.uri)
else MATCH_S("binddn", ldap_conf.binddn)
ldap_conf.binddn : "(anonymous)");
printf("bindpw %s\n", ldap_conf.bindpw ?
ldap_conf.bindpw : "(anonymous)");
+#ifdef HAVE_LDAP_START_TLS_S
+ printf("ssl %s\n", ldap_conf.ssl ?
+ ldap_conf.ssl : "(no)");
+#endif
printf("===================\n");
}
#endif /* LDAP_OPT_PROTOCOL_VERSION */
+#ifdef HAVE_LDAP_START_TLS_S
+ /* Turn on TLS */
+ if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")){
+ rc = ldap_start_tls_s(ld, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ fprintf(stderr, "ldap_start_tls_s(): %d: %s\n", rc, ldap_err2string(rc));
+ ldap_unbind(ld);
+ return VALIDATE_ERROR;
+ }
+
+ if (ldap_conf.debug) printf("ldap_start_tls_s() ok\n");
+ }
+#endif /* HAVE_LDAP_START_TLS_S */
+
/* Actually connect */
rc=ldap_simple_bind_s(ld,ldap_conf.binddn,ldap_conf.bindpw);
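Review bot: The test `if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls"))` fails open: any other `ssl` value (a typo, or a keyword an administrator expects to mean "on") skips TLS, and the code goes straight on to `ldap_simple_bind_s()` with `bindpw` sent in clear text. The same happens in a build without `HAVE_LDAP_START_TLS_S`, because the `MATCH_S("ssl", ldap_conf.ssl)` parser line is unconditional while this block is compiled out. I would refuse to bind when `ssl` is set but cannot be honoured, as sketched below; if a disabling keyword is meant to be accepted, it should be matched explicitly before the reject branch. Certificate verification is left entirely to the LDAP library and its configuration defaults, which is worth a comment next to the `ldap_start_tls_s(ld, NULL, NULL)` call. The enclosing function starts and ends outside the hunk.

```c
#ifdef HAVE_LDAP_START_TLS_S
  if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")){
    /* … unchanged: ldap_start_tls_s() call, error handling and debug print … */
  } else
#endif /* HAVE_LDAP_START_TLS_S */
  if (ldap_conf.ssl) {
    /* TLS was requested but the value is unknown or unsupported in this
     * build: stop here rather than send the bind password unencrypted. */
    fprintf(stderr, "unsupported ssl setting: %s\n", ldap_conf.ssl);
    ldap_unbind(ld);
    return VALIDATE_ERROR;
  }
```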