Hi Team,

We are developing an LDAP client in our application. For this we are using the OpenLDAP software.
One of our requirements is to support either LDAP or LDAPS (LDAP/TLS), based on the end-user input at runtime.
So, in our application we should have support for both the LDAP and LDAPS APIs, and we would call the LDAPS API (ldap_tls_start_s) based on this runtime configuration, or else the normal LDAP API would be called.

We are able to integrate OpenLDAP with our application and achieve the LDAP or LDAP/TLS requirement separately.
Since the support for TLS in OpenLDAP is macro-controlled (HAVE_TLS), it is decided at compile time itself whether LDAP or LDAPS is used, and we are not able to take this decision at run time.
If we compile the OpenLDAP software with HAVE_TLS and use it for a normal ldapsearch, this LDAP command is seen in the trace as an LDAP message over SSL without any encryption, but not as a normal LDAP message.

So, we understand that to achieve our requirement, we would be required to either:
1. Change the macro control of TLS to run-time control in the OpenLDAP code. (But we prefer not to do this for maintainability reasons.)
2. Try to use 2 OpenLDAP libraries, one compiled with HAVE_TLS and another without HAVE_TLS, and take care on the application side to call the respective API without causing any resolution issue.

Can you please suggest whether there is any other approach currently available in OpenLDAP to support both LDAP and LDAP/TLS at the same time?

G Gokul