Hi Kostas et al. I'm writing support for openldap and start tls into my own application, and have run into trouble and was wondering how rlm_ldap is accomplishing some things.
From rlm_ldap.c in CVS,
Line 2088, on what systems is ldap_int_tls_config() exposed? This is available in libldap (sloppy on OpenLDAP's part IMHO) but not in ldap.h. I was just wondering if some systems might patch ldap.h to contain the prototype for ldap_int_tls_config(), since it seems a mistake on OpenLDAP's part to have it be an internal function. Or is it the case that building rlm_ldap against TLS requires source code for OpenLDAP to be available somewhere? Line 2099 and following, on what systems do the LDAP_OPT_X_TLS_* functions (besides LDAP_OPT_X_TLS_REQUIRE_CERT, set via ldap_int_tls_config() above) work using ldap_set_option()? I can only get these to work with ldap_int_tls_config() and from a brief OpenLDAP code inspection it seems that is the only way they are available. ie, these options appear to only be available by way of /etc/openldap/ldap.conf (ie, LDAP_CONF_FILE) when ldap_initialize() et al. are called. yuk. Lastly, the options being set are OpenLDAP-specific, and do not seem to be present in the Sun/Netscape API, so I am just assuming that these are dependent on OpenLDAP and not some other libldap. This is against openldap-2.3.31. It may be the case that ldap_int_tls_config() was exposed in some earlier version, and that some of the LDAP_OPT_X_TLS_* functions were available via ldap_set_option(). But I'm thinking that maybe there are no users of start tls functionality in rlm_ldap. thanks -frank