From 2c348c6378629dfe625f0bdf91b1ae4f6970f972 Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@apache.org>
Date: Tue, 21 Jan 2003 11:06:47 +0000
Subject: [PATCH] Ensure LDAP version is set to v3 on every bind. PR: 14235
 Obtained from: Submitted by:	Sergey A. Lipnevich <sergeyli@pisem.net>
 Reviewed by:	Graham Leggett

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98420 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                          |  3 +++
 modules/experimental/util_ldap.c | 21 +++++++++++++--------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/CHANGES b/CHANGES
index e3161037b3..42047ca143 100644
--- a/CHANGES
+++ b/CHANGES
@@ -65,6 +65,9 @@ Changes with Apache 2.1.0-dev
 
 Changes with Apache 2.0.45
 
+  *) Ensure LDAP version is set to v3 on every bind. PR 14235.
+     [Sergey A. Lipnevich <sergeyli@pisem.net>]
+
   *) Fix mod_ldap to open an existing shared memory file should one
      already exist. PR 12757. [Scooter Morris <scooter@gene.com>, 
      Graham Leggett]
diff --git a/modules/experimental/util_ldap.c b/modules/experimental/util_ldap.c
index 49ba864ff7..5d281070c2 100644
--- a/modules/experimental/util_ldap.c
+++ b/modules/experimental/util_ldap.c
@@ -265,6 +265,18 @@ start_over:
                                   util_ldap_connection_destroy,
                                   apr_pool_cleanup_null);
 
+#if LDAP_VENDOR_VERSION >= 20000
+    /* set protocol version 3 on this connection */
+        {
+            int version = LDAP_VERSION3;
+
+            if ((result = ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION,
+                                         &version)) != LDAP_SUCCESS) {
+                /* setting LDAP version failed - ignore error */
+            }
+        }
+#endif
+
         /* Set the alias dereferencing option */
 #if LDAP_VERSION_MAX == 2
         ldc->ldap->ld_deref = ldc->deref;
@@ -301,14 +313,7 @@ start_over:
 
 #ifdef APU_HAS_LDAP_STARTTLS
         if (ldc->starttls) {
-            int version = LDAP_VERSION3;
-
-            /* Also we have to set the connection to use protocol version 3,
-             * since we're using TLS. */
-            if ((result = ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION,
-                                         &version)) != LDAP_SUCCESS) {
-		/* setting LDAP version failed - ignore error */
-            }
+            /* LDAP protocol version 3 is required for TLS */
 
             /* 
              * In util_ldap_connection_find, we compare ldc->withtls to
-- 
2.40.0