Simon Pichugin wrote:
Hello,
I have a question regarding libldap function ldap_install_tls().
If it fails, is it the right thing to call ldap_unbind_ext() after that?
Probably.
If we call it, does it mean that ldap_install_tls() made a bind?
No.
Or do we call ldap_install_tls() on the connection that is already
bound?
That's not the usual way to do things, no. Most likely you should be using
ldap_start_tls() instead.
Sorry if the information is available somewhere, but I missed to find
it.
Most likely ldap_install_tls() should never have been released as a public
API. You can't use it correctly without coordinating with the server, which
ldap_start_tls() already does. I suggest you forget that this function exists.
The only thing I found is that OpenLDAP server
calls ldap_unbind_ext() in case of failure but maybe I miss something...
https://git.openldap.org/openldap/openldap/-/blob/master/servers/slapd/ba...
The code you reference is inside an #ifdef block whose comments state that
the feature is unimplemented.
So again, don't use this function.
Thank you,
Simon
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/