Guard LDAP TLS usage against Solaris LDAP variant.

PP/22
Report from Prashanth Katuri.

This variant ensures that if TLS won't be activated because of
compile-time guards, but was requested, then we at least debug-log _why_
we're not doing anything.

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e0411bab63e5c3d5c0e22a3e1bc8663de743abe4..d84e2aa5d41f784684dd44801f3528fdbebc8da2 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -202,6 +202,9 @@ PP/21 Fix eximon continuous updating with timestamped log-files.
       Report and fix from Heiko Schlichting.
       Bugzilla 1363.
 
+PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
+      Report from Prashanth Katuri.
+
 
 Exim version 4.80.1
 -------------------

diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 244d6756120694623efbcf7bfa72eaa4924636bd..40345bafcbe56909f4291dd4b23a8162fa53875d 100644 (file)
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -519,18 +519,25 @@ if (!lcp->bound ||
   {
   DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
     (lcp->bound)? "re-" : "", user, password);
-#ifdef LDAP_OPT_X_TLS
-  /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
   if (eldap_start_tls)
     {
-        if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
-            *errmsg = string_sprintf("failed to initiate TLS processing on an "
-                "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
-                " %s", host, porttext, rc, ldap_err2string(rc));
-            goto RETURN_ERROR;
-        }
-    }
+#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)
+    /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this.
+     * Note: moreover, they appear to now define LDAP_OPT_X_TLS and still not
+     *       export an ldap_start_tls_s symbol.
+     */
+    if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS)
+      {
+      *errmsg = string_sprintf("failed to initiate TLS processing on an "
+          "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
+          " %s", host, porttext, rc, ldap_err2string(rc));
+      goto RETURN_ERROR;
+      }
+#else
+    DEBUG(D_lookup)
+      debug_printf("TLS initiation not supported with this Exim and your LDAP library.\n");
 #endif
+    }
   if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))
        == -1)
     {