+2006-04-24 [colin] 2.1.1cvs30
+
+ * src/addrindex.c
+ * src/editldap.c
+ * src/editldap_basedn.c
+ * src/editldap_basedn.h
+ * src/ldapctrl.c
+ * src/ldapctrl.h
+ * src/ldapquery.c
+ * src/ldaputil.c
+ * src/ldaputil.h
+ Fix bug #901 (LDAPS support)
+
2006-04-24 [colin] 2.1.1cvs29
* src/compose.c
( cvs diff -u -r 1.1.2.43 -r 1.1.2.44 src/gtk/quicksearch.c; ) > 2.1.1cvs27.patchset
( cvs diff -u -r 1.213.2.88 -r 1.213.2.89 src/folder.c; ) > 2.1.1cvs28.patchset
( cvs diff -u -r 1.382.2.266 -r 1.382.2.267 src/compose.c; cvs diff -u -r 1.179.2.109 -r 1.179.2.110 src/imap.c; cvs diff -u -r 1.395.2.192 -r 1.395.2.193 src/summaryview.c; ) > 2.1.1cvs29.patchset
+( cvs diff -u -r 1.28.2.16 -r 1.28.2.17 src/addrindex.c; cvs diff -u -r 1.8.2.11 -r 1.8.2.12 src/editldap.c; cvs diff -u -r 1.10.2.6 -r 1.10.2.7 src/editldap_basedn.c; cvs diff -u -r 1.3.2.2 -r 1.3.2.3 src/editldap_basedn.h; cvs diff -u -r 1.2.2.4 -r 1.2.2.5 src/ldapctrl.c; cvs diff -u -r 1.1.4.4 -r 1.1.4.5 src/ldapctrl.h; cvs diff -u -r 1.3.2.7 -r 1.3.2.8 src/ldapquery.c; cvs diff -u -r 1.1.4.2 -r 1.1.4.3 src/ldaputil.c; cvs diff -u -r 1.1.4.2 -r 1.1.4.3 src/ldaputil.h; ) > 2.1.1cvs30.patchset
MICRO_VERSION=1
INTERFACE_AGE=0
BINARY_AGE=0
-EXTRA_VERSION=29
+EXTRA_VERSION=30
EXTRA_RELEASE=
EXTRA_GTK2_VERSION=
#define ATTAG_LDAP_DYN_SEARCH "dyn-search"
#define ATTAG_LDAP_MATCH_OPT "match-opt"
#define ATTAG_LDAP_ENABLE_TLS "enable-tls"
+#define ATTAG_LDAP_ENABLE_SSL "enable-ssl"
#define ELTAG_LDAP_ATTR_SRCH "attribute"
#define ATTAG_LDAP_ATTR_NAME "name"
gchar *serverName = NULL;
gchar *criteria = NULL;
gboolean bDynSearch;
- gboolean bTLS;
+ gboolean bTLS, bSSL;
gint iMatch;
/* printf( "addrindex_parse_ldap\n" ); */
/* Set up some defaults */
bDynSearch = FALSE;
bTLS = FALSE;
+ bSSL = FALSE;
iMatch = LDAPCTL_MATCH_BEGINWITH;
ds = addrindex_create_datasource( ADDR_IF_LDAP );
bTLS = TRUE;
}
}
+ else if( strcmp( name, ATTAG_LDAP_ENABLE_SSL ) == 0 ) {
+ bSSL = FALSE;
+ if( strcmp( value, ATVAL_BOOLEAN_YES ) == 0 ) {
+ bSSL = TRUE;
+ }
+ }
attr = g_list_next( attr );
}
ldapsvr_set_name( server, serverName );
ldapsvr_set_search_flag( server, bDynSearch );
ldapctl_set_matching_option( ctl, iMatch );
+#ifdef USE_LDAP_TLS
ldapctl_set_tls( ctl, bTLS );
+ ldapctl_set_ssl( ctl, bSSL );
+#endif
g_free( serverName );
ldapsvr_set_control( server, ctl );
ds->rawDataSource = server;
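Review bot: The parsed `bTLS`/`bSSL` values are only applied to the control block inside the new `#ifdef USE_LDAP_TLS` guard, while the write-back of `ATTAG_LDAP_ENABLE_TLS`/`ATTAG_LDAP_ENABLE_SSL` in the next hunk reads `ctl->enableTLS`/`ctl->enableSSL` with no such guard visible; in a build without TLS support that combination rewrites a user's `enable-tls="yes"` or `enable-ssl="yes"` as `no` on the next save, silently downgrading the stored transport setting (assuming the write site is not itself guarded further out). Either guard the write the same way, or keep the setter calls unconditional and let the connect path decide what it can honour. A short comment at the guard, `/* Flags are parsed unconditionally so they survive a round-trip even when TLS support is compiled out. */`, would record whichever choice is made.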
addrindex_write_attr( fp, ATTAG_LDAP_ENABLE_TLS,
ctl->enableTLS ?
ATVAL_BOOLEAN_YES : ATVAL_BOOLEAN_NO );
+ addrindex_write_attr( fp, ATTAG_LDAP_ENABLE_SSL,
+ ctl->enableSSL ?
+ ATVAL_BOOLEAN_YES : ATVAL_BOOLEAN_NO );
fputs(" >\n", fp);
#include "editldap_basedn.h"
#include "manage_window.h"
#include "gtkutils.h"
+#include "prefs_gtk.h"
#define PAGE_BASIC 0
#define PAGE_SEARCH 1
GtkWidget *spinbtn_queryage;
GtkWidget *check_dynsearch;
GtkWidget *check_matchoption;
+#ifdef USE_LDAP_TLS
+ GtkWidget *enable_ssl;
+ GtkWidget *enable_tls;
+#endif
} ldapedit;
/**
gchar *sBaseDN = NULL;
gint iBaseDN = 0;
gboolean flg;
+ gboolean tls = FALSE, ssl = FALSE;
GList *baseDN = NULL;
edit_ldap_status_show( "" );
sPass = gtk_editable_get_chars( GTK_EDITABLE(ldapedit.entry_bindPW), 0, -1 );
iPort = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_port ) );
iTime = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_timeout ) );
+#ifdef USE_LDAP_TLS
+ tls = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_tls));
+ ssl = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_ssl));
+#endif
+
g_strchomp( sHost ); g_strchug( sHost );
g_strchomp( sBind ); g_strchug( sBind );
g_strchomp( sPass ); g_strchug( sPass );
if( *sHost != '\0' ) {
/* Test connection to server */
- if( ldaputil_test_connect( sHost, iPort ) ) {
+ if( ldaputil_test_connect( sHost, iPort, ssl, tls ) ) {
/* Attempt to read base DN */
- baseDN = ldaputil_read_basedn( sHost, iPort, sBind, sPass, iTime );
+ baseDN = ldaputil_read_basedn( sHost, iPort, sBind, sPass, iTime, ssl, tls );
if( baseDN ) {
GList *node = baseDN;
while( node ) {
static void edit_ldap_basedn_select( void ) {
gchar *sHost, *sBind, *sPass, *sBase;
- gint iPort, iTime;
+ gint iPort, iTime, tls = 0, ssl = 0;
gchar *selectDN;
sHost = gtk_editable_get_chars( GTK_EDITABLE(ldapedit.entry_server), 0, -1 );
sPass = gtk_editable_get_chars( GTK_EDITABLE(ldapedit.entry_bindPW), 0, -1 );
iPort = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_port ) );
iTime = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_timeout ) );
+#ifdef USE_LDAP_TLS
+ tls = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_tls));
+ ssl = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_ssl));
+#endif
+
g_strchomp( sHost ); g_strchug( sHost );
g_strchomp( sBind ); g_strchug( sBind );
g_strchomp( sPass ); g_strchug( sPass );
- selectDN = edit_ldap_basedn_selection( sHost, iPort, sBase, iTime, sBind, sPass );
+ selectDN = edit_ldap_basedn_selection( sHost, iPort, sBase, iTime, sBind, sPass, ssl, tls );
if( selectDN ) {
gtk_entry_set_text(GTK_ENTRY(ldapedit.entry_baseDN), selectDN);
g_free( selectDN );
GTK_STATUSBAR(statusbar), "Edit LDAP Server Dialog" );
}
+static void editldap_update_port (GtkToggleButton *ssl_btn, gpointer data) {
+ gboolean val = gtk_toggle_button_get_active(ssl_btn);
+ gtk_spin_button_set_value(
+ GTK_SPIN_BUTTON( ldapedit.spinbtn_port ),
+ val ? LDAPCTL_DFL_SSL_PORT:LDAPCTL_DFL_PORT );
+}
+
static void addressbook_edit_ldap_page_basic( gint pageNum, gchar *pageLbl ) {
GtkWidget *vbox;
GtkWidget *table;
GtkWidget *hbox_spin;
GtkObject *spinbtn_port_adj;
GtkWidget *spinbtn_port;
+#ifdef USE_LDAP_TLS
+ GtkWidget *enable_ssl_chkbtn, *enable_tls_chkbtn;
+#endif
GtkWidget *entry_baseDN;
GtkWidget *check_btn;
GtkWidget *lookdn_btn;
gtk_misc_set_alignment(GTK_MISC(label), 0, 0.5);
hbox_spin = gtk_hbox_new (FALSE, 8);
- spinbtn_port_adj = gtk_adjustment_new (389, 1, 65535, 100, 1000, 1000);
+ spinbtn_port_adj = gtk_adjustment_new (389, 1, 65535, 1, 1000, 1000);
spinbtn_port = gtk_spin_button_new(GTK_ADJUSTMENT (spinbtn_port_adj), 1, 0);
gtk_box_pack_start (GTK_BOX (hbox_spin), spinbtn_port, FALSE, FALSE, 0);
gtk_widget_set_size_request (spinbtn_port, 64, -1);
gtk_spin_button_set_numeric (GTK_SPIN_BUTTON (spinbtn_port), TRUE);
+
+#ifdef USE_LDAP_TLS
+ enable_tls_chkbtn = gtk_check_button_new_with_label(_("TLS"));
+ enable_ssl_chkbtn = gtk_check_button_new_with_label(_("SSL"));
+ SET_TOGGLE_SENSITIVITY_REVERSE(enable_tls_chkbtn, enable_ssl_chkbtn);
+ SET_TOGGLE_SENSITIVITY_REVERSE(enable_ssl_chkbtn, enable_tls_chkbtn);
+ gtk_tooltips_set_tip( toolTip, enable_tls_chkbtn, _(
+ "Enable secure connection to the LDAP server via TLS."
+ "If connection fails, be sure to check the correct "
+ "configuration in ldap.conf (TLS_CACERT field)." ),
+ NULL );
+ gtk_tooltips_set_tip( toolTip, enable_ssl_chkbtn, _(
+ "Enable secure connection to the LDAP server via SSL."
+ "If connection fails, be sure to check the correct "
+ "configuration in ldap.conf (TLS_CACERT field)." ),
+ NULL );
+
+ gtk_box_pack_start (GTK_BOX (hbox_spin), enable_tls_chkbtn, FALSE, FALSE, 0);
+ gtk_box_pack_start (GTK_BOX (hbox_spin), enable_ssl_chkbtn, FALSE, FALSE, 0);
+#endif
+
gtk_table_attach(GTK_TABLE(table), hbox_spin, 1, 2, top, (top + 1),
GTK_EXPAND|GTK_SHRINK|GTK_FILL, 0, 0, 0);
ldapedit.entry_server = entry_server;
ldapedit.spinbtn_port = spinbtn_port;
ldapedit.entry_baseDN = entry_baseDN;
+#ifdef USE_LDAP_TLS
+ ldapedit.enable_ssl = enable_ssl_chkbtn;
+ ldapedit.enable_tls = enable_tls_chkbtn;
+
+ g_signal_connect(G_OBJECT(enable_ssl_chkbtn), "toggled", \
+ G_CALLBACK(editldap_update_port), NULL);
+#endif
}
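Review bot: The two tooltip strings are built from adjacent literals with no separator, so the user sees `...via TLS.If connection fails...`; add the trailing space, `"Enable secure connection to the LDAP server via TLS. "`, and the same for the SSL variant. Separately, `editldap_update_port` rewrites the port spin button to 636 or 389 on every SSL toggle, which discards a non-default port the user has already typed; consider replacing the value only when it still equals the other default (`if (cur == (val ? LDAPCTL_DFL_PORT : LDAPCTL_DFL_SSL_PORT))`), and give the callback a one-line comment such as `/* Toggling SSL switches the port field between the ldap and ldaps defaults. */`. The backslash line continuation on the `g_signal_connect` call is not needed outside a macro and can be dropped.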
static void addressbook_edit_ldap_page_search( gint pageNum, gchar *pageLbl ) {
GTK_TOGGLE_BUTTON( ldapedit.check_dynsearch), TRUE );
gtk_toggle_button_set_active(
GTK_TOGGLE_BUTTON( ldapedit.check_matchoption), FALSE );
+#ifdef USE_LDAP_TLS
+ gtk_toggle_button_set_active(
+ GTK_TOGGLE_BUTTON( ldapedit.enable_ssl), FALSE );
+ gtk_toggle_button_set_active(
+ GTK_TOGGLE_BUTTON( ldapedit.enable_tls), FALSE );
+#endif
}
/**
GTK_SPIN_BUTTON(ldapedit.spinbtn_timeout), ctl->timeOut );
gtk_spin_button_set_value(
GTK_SPIN_BUTTON(ldapedit.spinbtn_maxentry), ctl->maxEntries );
-
+#ifdef USE_LDAP_TLS
+ gtk_toggle_button_set_active(
+ GTK_TOGGLE_BUTTON(ldapedit.enable_tls), ctl->enableTLS );
+ gtk_toggle_button_set_active(
+ GTK_TOGGLE_BUTTON(ldapedit.enable_ssl), ctl->enableSSL );
+#endif
/* Format criteria */
crit = editldap_build_criteria_list( ctl );
if( crit ) {
AddressDataSource *ds = NULL;
LdapServer *server = NULL;
LdapControl *ctl = NULL;
- gboolean fin;
+ gboolean fin, ssl = FALSE, tls = FALSE;
if (!ldapedit.window)
addressbook_edit_ldap_create(&cancelled);
GTK_TOGGLE_BUTTON( ldapedit.check_dynsearch ) );
bMatch = gtk_toggle_button_get_active(
GTK_TOGGLE_BUTTON( ldapedit.check_matchoption ) );
-
+#ifdef USE_LDAP_TLS
+ ssl = gtk_toggle_button_get_active(
+ GTK_TOGGLE_BUTTON( ldapedit.enable_ssl ) );
+ tls = gtk_toggle_button_get_active(
+ GTK_TOGGLE_BUTTON( ldapedit.enable_tls ) );
+#endif
fin = FALSE;
if( *sName == '\0' ) fin = TRUE;
if( *sHost == '\0' ) fin = TRUE;
ldapctl_set_max_entries( ctl, iMaxE );
ldapctl_set_timeout( ctl, iTime );
ldapctl_set_max_query_age( ctl, iAge );
+#ifdef USE_LDAP_TLS
+ ldapctl_set_tls( ctl, tls );
+ ldapctl_set_ssl( ctl, ssl );
+#endif
ldapctl_set_matching_option(
ctl, bMatch ?
LDAPCTL_MATCH_CONTAINS : LDAPCTL_MATCH_BEGINWITH );
void edit_ldap_bdn_load_data(
const gchar *hostName, const gint iPort, const gint tov,
- const gchar* bindDN, const gchar *bindPW )
+ const gchar* bindDN, const gchar *bindPW, int ssl, int tls )
{
gchar *sHost;
gchar *sMsg = NULL;
gtk_label_set_text(GTK_LABEL(ldapedit_basedn.port_label), sPort);
if( *sHost != '\0' ) {
/* Test connection to server */
- if( ldaputil_test_connect( sHost, iPort ) ) {
+ if( ldaputil_test_connect( sHost, iPort, ssl, tls ) ) {
/* Attempt to read base DN */
- baseDN = ldaputil_read_basedn( sHost, iPort, bindDN, bindPW, tov );
+ baseDN = ldaputil_read_basedn( sHost, iPort, bindDN, bindPW, tov, ssl, tls );
if( baseDN ) {
GList *node = baseDN;
gchar *text[2] = { NULL, NULL };
}
gchar *edit_ldap_basedn_selection( const gchar *hostName, const gint port, gchar *baseDN, const gint tov,
- const gchar* bindDN, const gchar *bindPW ) {
+ const gchar* bindDN, const gchar *bindPW, int ssl, int tls ) {
gchar *retVal = NULL;
ldapedit_basedn_cancelled = FALSE;
manage_window_set_transient(GTK_WINDOW(ldapedit_basedn.window));
edit_ldap_bdn_status_show( "" );
- edit_ldap_bdn_load_data( hostName, port, tov, bindDN, bindPW );
+ edit_ldap_bdn_load_data( hostName, port, tov, bindDN, bindPW, ssl, tls );
gtk_widget_show(ldapedit_basedn.window);
gtk_entry_set_text(GTK_ENTRY(ldapedit_basedn.basedn_entry), baseDN);
#ifdef USE_LDAP
gchar *edit_ldap_basedn_selection( const gchar *hostName, const gint port, gchar *baseDN, const gint tov,
- const gchar* bindDN, const gchar *bindPW );
+ const gchar* bindDN, const gchar *bindPW, int ssl, int tls );
#endif /* USE_LDAP */
ctl->matchingOption = LDAPCTL_MATCH_BEGINWITH;
ctl->version = 0;
ctl->enableTLS = FALSE;
+ ctl->enableSSL = FALSE;
/* Mutex to protect control block */
ctl->mutexCtl = g_malloc0( sizeof( pthread_mutex_t ) );
ctl->enableTLS = value;
}
+void ldapctl_set_ssl( LdapControl* ctl, const gboolean value ) {
+ ctl->enableSSL = value;
+}
+
/**
* Specify search criteria list to be used.
* \param ctl Control data object.
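Review bot: `ldapctl_set_ssl` is added without the Doxygen header that every neighbouring setter carries (the block right below opens with `/** * Specify search criteria list to be used. * \param ctl Control data object.`); give it the same shape with a one-line purpose ("Enable or disable LDAPS, i.e. SSL from the first byte, for this control block"), `\param ctl Control data object.` and `\param value TRUE to connect with ldaps://.`. It is also worth stating there that `enableTLS` and `enableSSL` are treated as mutually exclusive by the connect path, which only issues StartTLS when SSL is off.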
ctl->matchingOption = LDAPCTL_MATCH_BEGINWITH;
ctl->version = 0;
ctl->enableTLS = FALSE;
+ ctl->enableSSL = FALSE;
}
/**
ctl->matchingOption = LDAPCTL_MATCH_BEGINWITH;
ctl->version = 0;
ctl->enableTLS = FALSE;
+ ctl->enableSSL = FALSE;
ldapctl_default_attributes( ctl );
}
fprintf( stream, "match opt: %d\n", ctl->matchingOption );
fprintf( stream, " version: %d\n", ctl->version );
fprintf( stream, " TLS: %s\n", ctl->enableTLS ? "yes" : "no" );
+ fprintf( stream, " SSL: %s\n", ctl->enableSSL ? "yes" : "no" );
fprintf( stream, "crit list:\n" );
if( ctl->listCriteria ) {
mgu_print_dlist( ctl->listCriteria, stream );
ctlTo->matchingOption = ctlFrom->matchingOption;
ctlTo->version = ctlFrom->version;
ctlTo->enableTLS = ctlFrom->enableTLS;
+ ctlTo->enableSSL = ctlFrom->enableSSL;
/* Unlock */
pthread_mutex_unlock( ctlTo->mutexCtl );
* Constants.
*/
#define LDAPCTL_DFL_PORT 389
+#define LDAPCTL_DFL_SSL_PORT 636
#define LDAPCTL_MAX_ENTRIES 30
#define LDAPCTL_DFL_TIMEOUT 30
#define LDAPCTL_DFL_QUERY_AGE 600
gint matchingOption;
gint version;
gboolean enableTLS;
+ gboolean enableSSL;
gchar *attribEMail;
gchar *attribCName;
gchar *attribFName;
void ldapctl_set_max_query_age ( LdapControl* ctl, const gint value );
void ldapctl_set_matching_option( LdapControl* ctl, const gint value );
void ldapctl_set_tls ( LdapControl* ctl, const gboolean value );
+void ldapctl_set_ssl ( LdapControl* ctl, const gboolean value );
void ldapctl_set_criteria_list ( LdapControl* ctl, GList *value );
GList *ldapctl_get_criteria_list( const LdapControl* ctl );
void ldapctl_criteria_list_clear( LdapControl *ctl );
*/
static gint ldapqry_connect( LdapQuery *qry ) {
LdapControl *ctl;
- LDAP *ld;
+ LDAP *ld = NULL;
gint rc;
gint version;
qry->startTime = qry->touchTime;
qry->elapsedTime = -1;
ADDRQUERY_RETVAL(qry) = LDAPRC_INIT;
- if( ( ld = ldap_init( ctl->hostName, ctl->port ) ) == NULL ) {
- return ADDRQUERY_RETVAL(qry);
+ if (!ctl->enableSSL) {
+ ld = ldap_init( ctl->hostName, ctl->port );
+ } else {
+ gchar *uri = g_strdup_printf("ldaps://%s:%d",
+ ctl->hostName, ctl->port);
+ ldap_initialize(&ld, uri);
+ g_free(uri);
}
+ if (ld == NULL)
+ return ADDRQUERY_RETVAL(qry);
+
qry->ldap = ld;
ADDRQUERY_RETVAL(qry) = LDAPRC_STOP_FLAG;
if( ldapqry_get_stop_flag( qry ) ) {
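Review bot: The return value of `ldap_initialize()` on the ldaps branch is discarded, so a URI-parse failure is only caught indirectly by the `ld == NULL` test that follows; capture it and fail explicitly, `rc = ldap_initialize(&ld, uri);` then `if (rc != LDAP_SUCCESS) { g_free(uri); return ADDRQUERY_RETVAL(qry); }`. The same ignored result appears in `ldaputil_read_basedn` (stored in `rc` but never tested) and `ldaputil_test_connect`. Because the URI is produced by plain formatting of `ctl->hostName` and `ldap_initialize` parses the whole string, a host value containing `/`, `?` or whitespace yields a URI whose extra components are misread or ignored rather than rejected, so the host string deserves validation where it is entered. `ldapqry_connect` continues beyond this hunk.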
}
if( ctl->version == LDAP_VERSION3 ) {
- if( ctl->enableTLS ) {
+ if( ctl->enableTLS && !ctl->enableSSL ) {
ADDRQUERY_RETVAL(qry) = LDAPRC_TLS;
rc = ldap_start_tls_s( ld, NULL, NULL );
- /*
- printf( "rc=%d\n", rc );
- printf( "LDAP Status: set_option: %s\n", ldap_err2string( rc ) );
- */
+
+ /* printf( "rc=%d\n", rc );
+ printf( "LDAP Status: set_option: %s\n", ldap_err2string( rc ) ); */
+
if( rc != LDAP_SUCCESS ) {
return ADDRQUERY_RETVAL(qry);
}
#include <sys/time.h>
#include <ldap.h>
#include <lber.h>
+#include <errno.h>
#define SYLDAP_TEST_FILTER "(objectclass=*)"
#define SYLDAP_SEARCHBASE_V2 "cn=config"
* \return List of Base DN's, or NULL if could not read. List should be
* g_free() when done.
*/
-static GList *ldaputil_test_v3( LDAP *ld, gint tov ) {
+static GList *ldaputil_test_v3( LDAP *ld, gint tov, gint *errcode ) {
GList *baseDN = NULL;
gint rc, i;
- LDAPMessage *result, *e;
+ LDAPMessage *result = NULL, *e;
gchar *attribs[2];
BerElement *ber;
gchar *attribute;
}
ber = NULL;
}
- }
- ldap_msgfree( result );
+ }
+ if (errcode)
+ *errcode = rc;
+ if (result)
+ ldap_msgfree( result );
return baseDN;
}
static GList *ldaputil_test_v2( LDAP *ld, gint tov ) {
GList *baseDN = NULL;
gint rc, i;
- LDAPMessage *result, *e;
+ LDAPMessage *result = NULL, *e;
gchar *attribs[1];
BerElement *ber;
gchar *attribute;
ber = NULL;
}
}
- ldap_msgfree( result );
+ if (result)
+ ldap_msgfree( result );
return baseDN;
}
*/
GList *ldaputil_read_basedn(
const gchar *host, const gint port, const gchar *bindDN,
- const gchar *bindPW, const gint tov )
+ const gchar *bindPW, const gint tov, int ssl, int tls )
{
GList *baseDN = NULL;
- LDAP *ld;
+ LDAP *ld = NULL;
gint rc;
+#ifdef USE_LDAP_TLS
+ gint version;
+#endif
if( host == NULL ) return baseDN;
if( port < 1 ) return baseDN;
/* Connect to server. */
- if( ( ld = ldap_init( host, port ) ) == NULL ) {
+
+ if (!ssl) {
+ ld = ldap_init( host, port );
+ } else {
+ gchar *uri = g_strdup_printf("ldaps://%s:%d",
+ host, port);
+ rc = ldap_initialize(&ld, uri);
+ g_free(uri);
+ }
+ if( ld == NULL ) {
return baseDN;
}
+#ifdef USE_LDAP_TLS
+ if( tls && !ssl ) {
+ /* Handle TLS */
+ version = LDAP_VERSION3;
+ rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
+ if( rc != LDAP_OPT_SUCCESS ) {
+ ldap_unbind( ld );
+ return baseDN;
+ }
+ rc = ldap_start_tls_s( ld, NULL, NULL );
+ if (rc != 0) {
+ ldap_unbind( ld );
+ return baseDN;
+ }
+ }
+#endif
/* Bind to the server, if required */
if( bindDN ) {
}
/* Test for LDAP version 3 */
- baseDN = ldaputil_test_v3( ld, tov );
- if( baseDN == NULL ) {
+ baseDN = ldaputil_test_v3( ld, tov, &rc );
+
+ if( baseDN == NULL && !LDAP_API_ERROR(rc) ) {
baseDN = ldaputil_test_v2( ld, tov );
}
- ldap_unbind( ld );
+ if (ld && !LDAP_API_ERROR(rc))
+ ldap_unbind( ld );
+
return baseDN;
}
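Review bot: `rc` is declared without an initializer and, on the non-SSL path, is first written only by `ldaputil_test_v3( ld, tov, &rc )`; if that helper has any return path that does not reach its `*errcode = rc` store (its body is mostly outside this diff), the two later `LDAP_API_ERROR(rc)` tests read an indeterminate value. Initialise it at the call site, `gint rc = LDAP_SUCCESS;`, or have `ldaputil_test_v3` store `LDAP_SUCCESS` into `*errcode` on entry; `ldaputil_test_connect` has the same uninitialised `gint rc;`. When `LDAP_API_ERROR(rc)` is true the handle is never released, so every failed lookup leaks the LDAP handle and presumably its socket; if skipping `ldap_unbind` after a library-level error is deliberate, say why in a comment, otherwise unbind unconditionally. The StartTLS and protocol-version failures do unbind and fail closed, which is the right shape.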
* \param port Port number.
* \return <i>TRUE</i> if connected successfully.
*/
-gboolean ldaputil_test_connect( const gchar *host, const gint port ) {
+gboolean ldaputil_test_connect( const gchar *host, const gint port, int ssl, int tls ) {
gboolean retVal = FALSE;
LDAP *ld;
-
+#ifdef USE_LDAP_TLS
+ gint rc;
+ gint version;
+#endif
if( host == NULL ) return retVal;
if( port < 1 ) return retVal;
- ld = ldap_open( host, port );
+ if (!ssl) {
+ ld = ldap_open( host, port );
+ } else {
+ gchar *uri = g_strdup_printf("ldaps://%s:%d",
+ host, port);
+ ldap_initialize(&ld, uri);
+ g_free(uri);
+ }
+ if (ld == NULL)
+ return FALSE;
+
+#ifdef USE_LDAP_TLS
+ if (ssl) {
+ GList *dummy = ldaputil_test_v3( ld, 10, &rc );
+ if (dummy)
+ g_list_free(dummy);
+ if (LDAP_API_ERROR(rc))
+ return FALSE;
+ }
+
+ if( tls && !ssl ) {
+ /* Handle TLS */
+ version = LDAP_VERSION3;
+ rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
+ if( rc != LDAP_OPT_SUCCESS ) {
+ ldap_unbind( ld );
+ return FALSE;
+ }
+
+ rc = ldap_start_tls_s( ld, NULL, NULL );
+ if (rc != 0) {
+ ldap_unbind( ld );
+ return FALSE;
+ }
+ }
+#endif
if( ld != NULL ) {
ldap_unbind( ld );
retVal = TRUE;
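Review bot: The Doxygen comment above `ldaputil_test_connect` still documents only `host` and `port`; add `\param ssl Non-zero to connect with ldaps://.` and `\param tls Non-zero to issue StartTLS after connecting (ignored when ssl is set).`, the latter being what the `tls && !ssl` condition implements. In the SSL branch, `return FALSE` after `LDAP_API_ERROR(rc)` skips `ldap_unbind( ld )` although the TLS branch below does unbind on failure, and the probe uses a hard-coded 10-second timeout rather than the user's configured one, which deserves at least a named constant. The `if( ld != NULL )` guard after `#endif` is always true now that NULL returns earlier, so the tail reduces to `ldap_unbind( ld ); retVal = TRUE;`. Nothing here sets `LDAP_OPT_X_TLS_REQUIRE_CERT`, so whether the server certificate is verified for either ldaps:// or StartTLS is decided entirely by the library's ldap.conf (`TLS_REQCERT`); a comment saying so would keep a successful test from being read as a verified connection.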
/* Function Prototypes */
GList *ldaputil_read_basedn ( const gchar *host, const gint port,
const gchar *bindDN, const gchar *bindPW,
- const gint tov );
-gboolean ldaputil_test_connect ( const gchar *host, const gint port );
+ const gint tov, int ssl, int tls );
+gboolean ldaputil_test_connect ( const gchar *host, const gint port, int ssl, int tls);
gboolean ldaputil_test_ldap_lib ( void );
#endif /* USE_LDAP */
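Review bot: The new `ssl`/`tls` parameters are declared as plain `int` here and in `editldap_basedn.h`, while the values they carry come from `gtk_toggle_button_get_active` and feed `ldapctl_set_tls`/`ldapctl_set_ssl`, which take `const gboolean`; use `gboolean ssl, gboolean tls` in both headers and the matching definitions so the types agree across the API. The prototypes also lack the parameter description the `.c` file's Doxygen comments should carry; `/* ssl: connect via ldaps://, tls: StartTLS after connect; mutually exclusive, ssl wins */` on the declaration would do.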