On Thursday, 01 March 2012, 11:49:22, Michael Ströder wrote:
> Qiang Xu wrote:
> > Guess what? Just picked up a pearl in the sea of internet:
> > http://www.mailinglistarchive.com/postfix-us...@postfix.org/msg57688.html
> >
> > Basically, it seems to be a feature introduced since the beginning
> > of openldap 2.4 version. We need to set
> > LDAP_OPT_X_TLS_REQUIRE_CERT on an ldap handle (already initialized),
> > and set LDAP_OPT_X_TLS_NEWCTX (with a value 0) thereafter:
> >
> > rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &require_cert);
> > assert(rc == LDAP_OPT_SUCCESS);
> >
> > rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &am_server);
> > // am_server is 1 only if the code is compiled for server
> > assert(rc == LDAP_OPT_SUCCESS);
> >
> > Now the option works as per connection, rather than as per process.
> > Could someone of the OpenLDAP core developers please confirm this?
>
> Especially whether LDAP_OPT_X_TLS_NEWCTX is set to LDAP_OPT_OFF for
> "clients"?

No, as Qiang Xu already noted, LDAP_OPT_OFF is defined as a NULL pointer,
while LDAP_OPT_X_TLS_NEWCTX expects a pointer to an integer which has the
value 0. Something like this should work for a client context:

int val = 0;
ldap_set_option( ld, LDAP_OPT_X_TLS_NEWCTX, &val);

regards,
Ralf