Hello to all!

I have attached a patch which (if qmail is compiled with
-DLDAP_ENABLE_TLS) issues a STARTTLS (ldap_start_tls_s) on the LDAP
connection right after the connection is created, so the bind and all
later queries run over TLS. It is based on qmail-ldap-1.03-20011001a.
Maybe it is useful to other folks out there who don't want plain-text
connections to the LDAP server.

diff -urN qmail-1.03.orig/Makefile qmail-1.03/Makefile
--- qmail-1.03.orig/Makefile	Mon Jan  7 10:13:40 2002
+++ qmail-1.03/Makefile	Mon Jan  7 10:15:00 2002
@@ -8,10 +8,12 @@
 # -DDASH_EXT to the LDAPFLAGS
 # to use cleartext passwords (a bad idea on production systems) add
 # -DCLEARTEXTPASSWD to the LDAPFLAGS
+# -DLDAP_ENABLE_TLS to enable TLS on the connection to the LDAP server
 #LDAPFLAGS=-DQLDAP_CLUSTER
+LDAP_FLAGS=-DLDAP_ENABLE_TLS
 
 # Perhaps you have different ldap libraries, change them here
-LDAPLIBS=-L/usr/local/lib -lldap -llber
+LDAPLIBS=-L/usr/local/lib -lldap -llber -lresolv
 # and change the location of the include files here
 LDAPINCLUDES=-I/usr/local/include
 # on Slowaris you need -lresolv and probably a LD_RUN_PATH added like this:
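Review bot: The new `LDAP_FLAGS=-DLDAP_ENABLE_TLS` line does not match the variable the build actually uses — the comments in this hunk and the existing commented-out line both spell it `LDAPFLAGS` — so unless the rest of the Makefile (outside this hunk) references `LDAP_FLAGS`, the define never reaches the compiler, the `#ifdef LDAP_ENABLE_TLS` block stays compiled out, and the connection silently remains plaintext while the builder believes TLS is on. Change it to `LDAPFLAGS=-DLDAP_ENABLE_TLS` (or append `-DLDAP_ENABLE_TLS` to the existing LDAPFLAGS line) and consider shipping it commented out like `#LDAPFLAGS=-DQLDAP_CLUSTER` so the default build is not changed for sites without an LDAP server that supports STARTTLS. The hunk also adds `-lresolv` to `LDAPLIBS` unconditionally, although the comment two lines later says it is only needed on Solaris; if libldap on your platform really needs it, say so in the comment rather than forcing it on every platform.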
@@ -24,13 +26,13 @@
 # TLS (SMTP encryption) in qmail-smtpd and qmail-remote, see TLS.readme
 # You need OpenSSL for this
 # TLS enable
-#TLSON=-DTLS
+TLSON=-DTLS
 # Path to OpenSSL includes
 #TLSINCLUDES=-I/usr/local/include
 # Path to OpenSSL libraries
-#TLSLIBS=-L/usr/local/lib -lssl -lcrypto
+TLSLIBS=-lssl -lcrypto
 # Path to OpenSSL binary
-#OPENSSLBIN=/usr/local/bin/openssl
+OPENSSLBIN=/usr/bin/openssl
 
 # to make the Netscape download progress bar work with qmail-pop3d
 # uncomment the next line (allready done)
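Review bot: The three changes in this hunk (`TLSON=-DTLS`, `TLSLIBS=-lssl -lcrypto`, `OPENSSLBIN=/usr/bin/openssl`) have nothing to do with the LDAP TLS feature the patch describes; they switch on SMTP TLS for everyone and hard-code the submitter's OpenSSL locations, which will break the build on the /usr/local layout the original lines assumed and will surprise anyone applying the patch for the LDAP change alone. Drop them from this patch, or submit them separately, so the upstream Makefile defaults stay as they were.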
diff -urN qmail-1.03.orig/qldap-ldaplib.c qmail-1.03/qldap-ldaplib.c
--- qmail-1.03.orig/qldap-ldaplib.c	Mon Jan  7 10:13:40 2002
+++ qmail-1.03/qldap-ldaplib.c	Mon Jan  7 10:15:14 2002
@@ -1,4 +1,10 @@
 /* qldap-ldaplib.c, [EMAIL PROTECTED], best viewed with tabsize = 4 */
+
+/* Patched by Iustin Pop, <[EMAIL PROTECTED]>, 2001.11.28
+ * in order to support SSL/TLS ldap connections
+ * tested with OpenLDAP 2.0.18
+*/
+
 #include "qmail-ldap.h"
 #include "qldap-errno.h"
 #include <lber.h>
@@ -248,13 +254,22 @@
 
 #ifdef LDAP_OPT_PROTOCOL_VERSION
 	/* set LDAP connection options (only with Mozilla LDAP SDK) */
-	version = LDAP_VERSION2;
+	/* no longer, OpenLDAP has improved nicely */
+	version = LDAP_VERSION3;
 	if ( ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version)
 		   	!= LDAP_SUCCESS ) {
 		qldap_errno = LDAP_INIT;
 		return -1;
 	}
 	log(128, ", set_option successful");
+#ifdef LDAP_ENABLE_TLS
+	if ( ldap_start_tls_s(ld, (void*)0, (void*)0)
+			!= LDAP_SUCCESS ) {
+		qldap_errno = LDAP_INIT;
+		return -1;
+	}
+	log(128, ", switching to TLS/SSL successful");
+#endif /*  LDAP_ENABLE_TLS */
 #endif
 
 	/* connect to the LDAP server */
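Review bot: `ldap_start_tls_s(ld, (void*)0, (void*)0)` is called without setting any certificate-verification option, so whether the server certificate is checked at all depends on the libldap defaults and the host's ldap.conf (TLS_REQCERT / TLS_CACERT); a STARTTLS session that accepts any certificate protects only against passive sniffing, not against an active attacker sitting between qmail and the LDAP server, which is the threat a mail system authenticating users against LDAP should care about. Where the libldap in use provides it, set `int reqcert = LDAP_OPT_X_TLS_DEMAND; ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);` before the start_tls call and document that a CA file must be configured, so a verification failure aborts the connection the same way a failed STARTTLS already does. The return code of `ldap_start_tls_s` is also discarded, so a TLS failure surfaces only as the generic `LDAP_INIT`; keeping it in a local and logging `ldap_err2string(rc)` would make certificate and cipher misconfiguration diagnosable. Separately, the `LDAP_VERSION2` → `LDAP_VERSION3` change is not guarded by `LDAP_ENABLE_TLS`, so it affects every build, and the comment `/* set LDAP connection options (only with Mozilla LDAP SDK) */` is now stale — replace it and the "improved nicely" remark with something like `/* LDAPv3 is required for STARTTLS; libldap (OpenLDAP 2.x) and Mozilla SDK both honour this option */`. The enclosing function starts before this hunk and continues past it.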
