summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2013-06-10 02:50:18 -0400
committerPhil Pennock <pdp@exim.org>2013-06-10 02:50:18 -0400
commitd13cdd3049b0191bbb275f9a6cf11dc0917a1f0c (patch)
tree4a958564b2a72cead984ead5e15f06734d337b19 /src
parent8c02018827314fde071df70e2e1e080d241ffc49 (diff)
Guard LDAP TLS usage against Solaris LDAP variant.
PP/22 Report from Prashanth Katuri. This variant ensures that if TLS won't be activated because of compile-time guards, but was requested, then we at least debug-log _why_ we're not doing anything.
Diffstat (limited to 'src')
-rw-r--r--src/src/lookups/ldap.c25
1 files changed, 16 insertions, 9 deletions
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 244d67561..40345bafc 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -519,18 +519,25 @@ if (!lcp->bound ||
{
DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
(lcp->bound)? "re-" : "", user, password);
-#ifdef LDAP_OPT_X_TLS
- /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
if (eldap_start_tls)
{
- if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
- *errmsg = string_sprintf("failed to initiate TLS processing on an "
- "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
- " %s", host, porttext, rc, ldap_err2string(rc));
- goto RETURN_ERROR;
- }
- }
+#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)
+ /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this.
+ * Note: moreover, they appear to now define LDAP_OPT_X_TLS and still not
+ * export an ldap_start_tls_s symbol.
+ */
+ if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ *errmsg = string_sprintf("failed to initiate TLS processing on an "
+ "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
+ " %s", host, porttext, rc, ldap_err2string(rc));
+ goto RETURN_ERROR;
+ }
+#else
+ DEBUG(D_lookup)
+ debug_printf("TLS initiation not supported with this Exim and your LDAP library.\n");
#endif
+ }
if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))
== -1)
{