Dovecot auth-ldap ignores tls_* settings when using ldaps://

Heiko Schlittermann hs at schlittermann.de
Tue Oct 13 18:35:26 UTC 2015


Timo Sirainen <tss at iki.fi> (Tue 13 Oct 2015 20:19:54 CEST):
..
> > --- dovecot-2.2.9/src/auth/db-ldap.c    2013-11-24 14:37:39.000000000 +0100
> > +++ dovecot-2.2.9.hs12/src/auth/db-ldap.c       2015-10-08 21:24:47.051446465 +0200
> > @@ -1043,7 +1043,7 @@
> > 
> > static void db_ldap_set_tls_options(struct ldap_connection *conn)
> > {
> > -       if (!conn->set.tls)
> > +       if (!(conn->set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0))
> >                return;
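
Review bot: the strncmp() test on the added line looks only at the first six bytes of conn->set.uris, so when that setting holds more than one URI the early return is decided by the first entry alone, and an ldaps:// URI listed after an ldap:// one leaves the TLS options unset. The comparison is also case-sensitive, so a URI written as "LDAPS://..." would not match, and nothing in the visible lines guards against conn->set.uris being NULL before it is passed to strncmp(). Either test the scheme of every URI in the string case-insensitively (with a NULL check first), or drop the early return so the tls_* options are always set, and say in a comment above the check which behaviour is intended.
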
> 
> That's a bit ugly. I think also the URIs support multiple ones, so some ldap and some ldaps URLs could even be mixed, which of course would be quite ugly.. I think the fix is to just remove the if (tls)-check completely. I don't think setting those harms anything even if tls/ldaps isn't being used?

Yes, thinking about mixed schema in the URIs would have been my next
question :)

Ok, I can test what happens if we set tls_options w/o using LDAP+TLS or
LDAPS at all.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -