In this commit I am adding a function, .ldap.startTLS, which enables a startTLS connection with the server.
startTLS works with the normal LDAP port ldap://:389 (not ldaps://).
This function is a wrapper around ldap_start_tls_s (See reference).
ldap_start_tls_s sends a StartTLS request to a server, waits for the reply, and then installs TLS handlers on the session if the request succeeded. The routine returns LDAP_SUCCESS if everything succeeded, otherwise it returns an LDAP error code.
The ldap_start_tls_s function takes 3 arguments: the session ID, ServerCtrls and ClientCtrls.
Both ServerCtrls and ClientCtrls are being set to NULL to be consistent with what is done for ldap_sasl_bind_s.
Hence, .ldap.startTLS only requires a single argument, the session ID.
To enable an LDAP node to accept only startTLS connections the olcSecurity setting should be set to tls=1 or higher.
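The flow the text describes, written out as an added q example (this is not code from the commit or from the library's own docs): open a session on the plain ldap:// port, upgrade it with .ldap.startTLS, and only send a bind once the upgrade has succeeded. The other function names and signatures used here (.ldap.init[sess;uris], .ldap.setOption[sess;opt;val], .ldap.bind[sess;dn;cred] returning a dictionary with a ReturnCode key, .ldap.unbind[sess], .ldap.err2string[rc]) and the two option symbols are assumptions about the surrounding library API; host, DN and password are placeholders.

```q
/ Added example, not code from this commit: upgrade a plain ldap:// session with
/ .ldap.startTLS and bind only after the upgrade succeeded.
/ Assumed API (names/signatures are assumptions, check them against the library):
/   .ldap.init[sess;uris]  .ldap.setOption[sess;opt;val]  .ldap.bind[sess;dn;cred]
/   .ldap.unbind[sess]     .ldap.err2string[rc]
\l ldap.q
sess:0                                       / arbitrary session id
uri:"ldap://ldap.example.com:389"            / plain port; startTLS is not for ldaps://

rc:.ldap.init[sess;enlist uri]
if[rc<>0;'"init failed: ",.ldap.err2string rc]

/ StartTLS is an LDAPv3 extended operation, so force protocol version 3 first
.ldap.setOption[sess;`LDAP_OPT_PROTOCOL_VERSION;3]
/ refuse the upgrade unless the server certificate validates; never relax this to
/ `LDAP_OPT_X_TLS_NEVER, or the encrypted channel can be terminated by anyone
.ldap.setOption[sess;`LDAP_OPT_X_TLS_REQUIRE_CERT;`LDAP_OPT_X_TLS_DEMAND]

/ the wrapper returns LDAP_SUCCESS (0) or an LDAP error code, as ldap_start_tls_s does
rc:.ldap.startTLS sess
if[rc<>0;.ldap.unbind sess;'"startTLS failed: ",.ldap.err2string rc]

/ credentials travel only after the session is encrypted
r:.ldap.bind[sess;"cn=reader,dc=example,dc=com";"secret"]
if[0<>r`ReturnCode;.ldap.unbind sess;'"bind failed: ",.ldap.err2string r`ReturnCode]

/ searches go here, then release the session
.ldap.unbind sess
```

Order matters: with olcSecurity set to tls=1 on the server, a bind attempted before .ldap.startTLS is refused with LDAP_CONFIDENTIALITY_REQUIRED (error 13), which is the expected behaviour and a quick way to confirm the server is actually enforcing the setting rather than merely offering StartTLS.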
Example Usage: