static char *prog;
static char *binddn = NULL;
static struct berval passwd = { 0, NULL };
+static char *ldapuri = NULL;
static char *ldaphost = NULL;
static int ldapport = 0;
static int prune = 0;
#endif
static int use_tls = 0;
static int not, verbose, contoper;
-static LDAP *ld;
+static LDAP *ld = NULL;
static int dodelete LDAP_P((
LDAP *ld,
prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1;
- while (( i = getopt( argc, argv, "cf:r" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
+ while (( i = getopt( argc, argv, "cf:r" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
switch( i ) {
/* Delete Specific Options */
case 'c': /* continuous operation mode */
binddn = strdup( optarg );
break;
case 'h': /* ldap host */
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -h incompatible with -H\n" );
+ return EXIT_FAILURE;
+ }
if( ldaphost != NULL ) {
fprintf( stderr, "%s: -h previously specified\n" );
return EXIT_FAILURE;
}
ldaphost = strdup( optarg );
break;
+ case 'H': /* ldap URI */
+ if( ldaphost != NULL ) {
+ fprintf( stderr, "%s: -H incompatible with -h\n" );
+ return EXIT_FAILURE;
+ }
+ if( ldapport ) {
+ fprintf( stderr, "%s: -H incompatible with -p\n" );
+ return EXIT_FAILURE;
+ }
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -H previously specified\n" );
+ return EXIT_FAILURE;
+ }
+ ldapuri = strdup( optarg );
+ break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
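Review bot: Every new `fprintf` in the `-h`/`-H` cases uses a `%s` conversion with no matching argument, e.g. `fprintf( stderr, "%s: -H incompatible with -h\n" );`, which is undefined behaviour and in practice prints whatever sits in the next argument slot. Pass the program name the file already keeps in `prog`: `fprintf( stderr, "%s: -H incompatible with -h\n", prog );`. The pre-existing `-h previously specified` message has the same gap, and the matching hunks for the modify, modrdn, password and search tools below repeat it. The enclosing `switch` starts and ends outside this hunk.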
(void) SIGNAL( SIGPIPE, SIG_IGN );
#endif
- if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
- perror( "ldap_init" );
- return( EXIT_FAILURE );
- }
+ if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+ if ( verbose ) {
+ fprintf( stderr, "ldap_init( %s, %d )\n",
+ ldaphost != NULL ? ldaphost : "<DEFAULT>",
+ ldapport );
+ }
+ ld = ldap_init( ldaphost, ldapport );
+
+ } else {
+ if ( verbose ) {
+ fprintf( stderr, "ldap_initialize( %s )\n",
+ ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+ }
+ (void) ldap_initialize( &ld, ldapuri );
+ }
+
+ if( ld == NULL ) {
+ fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
+ rc, ldap_err2string(rc) );
+ return EXIT_FAILURE;
+ }
{
/* this seems prudent for searches below */
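Review bot: The new failure message prints `rc` and `ldap_err2string(rc)`, but neither branch above it assigns `rc`: the `ldap_init` branch only sets `ld`, and the result of `ldap_initialize` is discarded with a `(void)` cast. The diagnostic will therefore show a stale or indeterminate value (the password tool's hunk shows `int rc;` with no initializer), which hides why a URI was rejected. Keep the return code with `rc = ldap_initialize( &ld, ldapuri );`, and in the `ldap_init` branch either set `rc` explicitly or keep the removed `perror( "ldap_init" );` for that path. The same block is repeated in the modify, modrdn, password and search hunks below, and the enclosing function starts and ends outside this hunk.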
static char *prog;
static char *binddn = NULL;
static struct berval passwd = { 0, NULL };
+static char *ldapuri = NULL;
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
#endif
static int use_tls = 0;
static int ldapadd, replace, not, verbose, contoper, force;
-static LDAP *ld;
+static LDAP *ld = NULL;
#define LDAPMOD_MAXLINE 4096
authmethod = -1;
version = -1;
- while (( i = getopt( argc, argv, "acrf:F" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
+ while (( i = getopt( argc, argv, "acrf:F" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
switch( i ) {
/* Modify Options */
case 'a': /* add */
binddn = strdup( optarg );
break;
case 'h': /* ldap host */
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -h incompatible with -H\n" );
+ return EXIT_FAILURE;
+ }
if( ldaphost != NULL ) {
fprintf( stderr, "%s: -h previously specified\n" );
return EXIT_FAILURE;
}
ldaphost = strdup( optarg );
break;
+ case 'H': /* ldap URI */
+ if( ldaphost != NULL ) {
+ fprintf( stderr, "%s: -H incompatible with -h\n" );
+ return EXIT_FAILURE;
+ }
+ if( ldapport ) {
+ fprintf( stderr, "%s: -H incompatible with -p\n" );
+ return EXIT_FAILURE;
+ }
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -H previously specified\n" );
+ return EXIT_FAILURE;
+ }
+ ldapuri = strdup( optarg );
+ break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
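Review bot: The `-H` case rejects an earlier `-h` or `-p`, but only `case 'h'` gains the reverse check; no change to `case 'p'` is visible, so `-H uri -p port` appears to be accepted. Because `ldapuri` is then set, the connect code takes the `ldap_initialize` branch and the port is silently dropped, so the tool may bind to a different endpoint than the operator asked for. If `case 'p'` (outside this hunk) does not already refuse it, add `if( ldapuri != NULL ) { fprintf( stderr, "%s: -p incompatible with -H\n", prog ); return EXIT_FAILURE; }` there. The same applies to the other four tools changed in this commit.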
#endif
if ( !not ) {
- if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
- perror( "ldap_init" );
- return( EXIT_FAILURE );
+ if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+ if ( verbose ) {
+ fprintf( stderr, "ldap_init( %s, %d )\n",
+ ldaphost != NULL ? ldaphost : "<DEFAULT>",
+ ldapport );
+ }
+ ld = ldap_init( ldaphost, ldapport );
+
+ } else {
+ if ( verbose ) {
+ fprintf( stderr, "ldap_initialize( %s )\n",
+ ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+ }
+ (void) ldap_initialize( &ld, ldapuri );
+ }
+
+ if( ld == NULL ) {
+ fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
+ rc, ldap_err2string(rc) );
+ return EXIT_FAILURE;
}
/* referrals */
static char *prog = NULL;
static char *binddn = NULL;
static struct berval passwd = { 0, NULL };
+static char *ldapuri = NULL;
static char *ldaphost = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
#endif
static int use_tls = 0;
static int not, verbose, contoper;
-static LDAP *ld;
+static LDAP *ld = NULL;
static int domodrdn(
LDAP *ld,
prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1;
- while (( i = getopt( argc, argv, "cf:rs:" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
+ while (( i = getopt( argc, argv, "cf:rs:" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z" )) != EOF ) {
switch( i ) {
/* Modrdn Options */
case 'c':
binddn = strdup( optarg );
break;
case 'h': /* ldap host */
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -h incompatible with -H\n" );
+ return EXIT_FAILURE;
+ }
if( ldaphost != NULL ) {
fprintf( stderr, "%s: -h previously specified\n" );
return EXIT_FAILURE;
}
ldaphost = strdup( optarg );
break;
+ case 'H': /* ldap URI */
+ if( ldaphost != NULL ) {
+ fprintf( stderr, "%s: -H incompatible with -h\n" );
+ return EXIT_FAILURE;
+ }
+ if( ldapport ) {
+ fprintf( stderr, "%s: -H incompatible with -p\n" );
+ return EXIT_FAILURE;
+ }
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -H previously specified\n" );
+ return EXIT_FAILURE;
+ }
+ ldapuri = strdup( optarg );
+ break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
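Review bot: `ldapuri = strdup( optarg );` is not checked, so an allocation failure leaves `ldapuri` NULL and the later connect code calls `ldap_initialize( &ld, NULL )`, which presumably selects the configured default server, with no diagnostic. For a tool that goes on to send bind credentials, silently contacting a different server than the one named on the command line is worth guarding against: `if( ldapuri == NULL ) { perror( "strdup" ); return EXIT_FAILURE; }`. The existing `ldaphost = strdup( optarg );` line has the same gap, as do the matching hunks in the other tools.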
(void) SIGNAL( SIGPIPE, SIG_IGN );
#endif
- if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
- perror( "ldap_init" );
- return( EXIT_FAILURE );
- }
+ if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+ if ( verbose ) {
+ fprintf( stderr, "ldap_init( %s, %d )\n",
+ ldaphost != NULL ? ldaphost : "<DEFAULT>",
+ ldapport );
+ }
+ ld = ldap_init( ldaphost, ldapport );
+
+ } else {
+ if ( verbose ) {
+ fprintf( stderr, "ldap_initialize( %s )\n",
+ ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+ }
+ (void) ldap_initialize( &ld, ldapuri );
+ }
+
+ if( ld == NULL ) {
+ fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
+ rc, ldap_err2string(rc) );
+ return EXIT_FAILURE;
+ }
/* referrals */
if( ldap_set_option( ld, LDAP_OPT_REFERRALS,
" -d level set LDAP debugging level to `level'\n"
" -D binddn bind DN\n"
" -f file read operations from `file'\n"
-" -h host LDAP server\n"
+" -h host LDAP server(s)\n"
+" -H URI LDAP Uniform Resource Indentifier(s)\n"
" -I use SASL Interactive mode\n"
" -n show what would be done but don't actually search\n"
" -O props SASL security properties\n"
int rc;
char *prog = NULL;
char *ldaphost = NULL;
+ char *ldapuri = NULL;
char *dn = NULL;
char *binddn = NULL;
#endif
int use_tls = 0;
int referrals = 0;
- LDAP *ld;
+ LDAP *ld = NULL;
struct berval *bv = NULL;
int id, code;
usage (argv[0]);
while( (i = getopt( argc, argv,
- "Aa:Ss:" "Cd:D:h:InO:p:QRU:vw:WxX:Y:Z" )) != EOF )
+ "Aa:Ss:" "Cd:D:h:H:InO:p:QRU:vw:WxX:Y:Z" )) != EOF )
{
switch (i) {
/* Password Options */
binddn = strdup( optarg );
break;
case 'h': /* ldap host */
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -h incompatible with -H\n" );
+ return EXIT_FAILURE;
+ }
if( ldaphost != NULL ) {
fprintf( stderr, "%s: -h previously specified\n" );
return EXIT_FAILURE;
}
ldaphost = strdup( optarg );
break;
+ case 'H': /* ldap URI */
+ if( ldaphost != NULL ) {
+ fprintf( stderr, "%s: -H incompatible with -h\n" );
+ return EXIT_FAILURE;
+ }
+ if( ldapport ) {
+ fprintf( stderr, "%s: -H incompatible with -p\n" );
+ return EXIT_FAILURE;
+ }
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -H previously specified\n" );
+ return EXIT_FAILURE;
+ }
+ ldapuri = strdup( optarg );
+ break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
#endif
/* connect to server */
- if ((ld = ldap_init( ldaphost, ldapport )) == NULL) {
- perror("ldap_init");
+ if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+ if ( verbose ) {
+ fprintf( stderr, "ldap_init( %s, %d )\n",
+ ldaphost != NULL ? ldaphost : "<DEFAULT>",
+ ldapport );
+ }
+ ld = ldap_init( ldaphost, ldapport );
+
+ } else {
+ if ( verbose ) {
+ fprintf( stderr, "ldap_initialize( %s )\n",
+ ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+ }
+ (void) ldap_initialize( &ld, ldapuri );
+ }
+
+ if( ld == NULL ) {
+ fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
+ rc, ldap_err2string(rc) );
return EXIT_FAILURE;
}
static struct berval passwd = { 0, NULL };
static char *base = NULL;
static char *ldaphost = NULL;
+static char *ldapuri = NULL;
static int ldapport = 0;
#ifdef HAVE_CYRUS_SASL
static unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
int rc, i, first, scope, deref, attrsonly, manageDSAit;
int referrals, timelimit, sizelimit, debug;
int authmethod, version, want_bindpw;
- LDAP *ld;
+ LDAP *ld = NULL;
infile = NULL;
debug = verbose = not = vals2tmp = referrals =
prog = (prog = strrchr(argv[0], *LDAP_DIRSEP)) == NULL ? argv[0] : prog + 1;
while (( i = getopt( argc, argv,
- "Aa:b:f:Ll:S:s:T:tuV:z:" "Cd:D:h:IkKMnO:p:P:QRU:vw:WxX:Y:Z")) != EOF )
+ "Aa:b:f:Ll:S:s:T:tuV:z:" "Cd:D:h:H:IkKMnO:p:P:QRU:vw:WxX:Y:Z")) != EOF )
{
switch( i ) {
/* Search Options */
binddn = strdup( optarg );
break;
case 'h': /* ldap host */
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -h incompatible with -H\n" );
+ return EXIT_FAILURE;
+ }
if( ldaphost != NULL ) {
fprintf( stderr, "%s: -h previously specified\n" );
return EXIT_FAILURE;
}
ldaphost = strdup( optarg );
break;
+ case 'H': /* ldap URI */
+ if( ldaphost != NULL ) {
+ fprintf( stderr, "%s: -H incompatible with -h\n" );
+ return EXIT_FAILURE;
+ }
+ if( ldapport ) {
+ fprintf( stderr, "%s: -H incompatible with -p\n" );
+ return EXIT_FAILURE;
+ }
+ if( ldapuri != NULL ) {
+ fprintf( stderr, "%s: -H previously specified\n" );
+ return EXIT_FAILURE;
+ }
+ ldapuri = strdup( optarg );
+ break;
case 'I':
#ifdef HAVE_CYRUS_SASL
if( version == LDAP_VERSION2 ) {
(void) SIGNAL( SIGPIPE, SIG_IGN );
#endif
- if ( verbose ) {
- fprintf( stderr,
- (ldapport ? "ldap_init( %s, %d )\n" : "ldap_init( %s, <DEFAULT> )\n"),
- (ldaphost != NULL) ? ldaphost : "<DEFAULT>",
- ldapport );
+
+ if( ( ldaphost != NULL || ldapport ) && ( ldapuri == NULL ) ) {
+ if ( verbose ) {
+ fprintf( stderr, "ldap_init( %s, %d )\n",
+ ldaphost != NULL ? ldaphost : "<DEFAULT>",
+ ldapport );
+ }
+ ld = ldap_init( ldaphost, ldapport );
+
+ } else {
+ if ( verbose ) {
+ fprintf( stderr, "ldap_initialize( %s )\n",
+ ldapuri != NULL ? ldapuri : "<DEFAULT>" );
+ }
+ (void) ldap_initialize( &ld, ldapuri );
}
- if (( ld = ldap_init( ldaphost, ldapport )) == NULL ) {
- perror( "ldap_init" );
+ if( ld == NULL ) {
+ fprintf( stderr, "Could not create LDAP session handle (%d): %s\n",
+ rc, ldap_err2string(rc) );
return EXIT_FAILURE;
}
[\c
.BI \-w \ passwd\fR]
[\c
+.BI \-H \ ldapuri\fR]
+[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-P \ 2\fR\||\|\fI3\fR]
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
.TP
.BI \-P \ 2\fR\||\|\fI3
Specify the LDAP protocol version to use.
[\c
.BI \-w \ passwd\fR]
[\c
+.BI \-H \ ldapuri\fR]
+[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
.BI \-w \ passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
.TP
.BI \-P \ 2\fR\||\|\fI3
Specify the LDAP protocol version to use.
[\c
.BI \-w \ passwd\fR]
[\c
+.BI \-H \ ldapuri\fR]
+[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
.B \-w passwd
Use \fIpasswd\fP as the password for simple authentication.
.TP
-.B \-h ldaphost
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
+.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
.TP
-.B \-p ldapport
+.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
.TP
.BI \-P \ 2\fR\||\|\fI3
Specify the LDAP protocol version to use.
[\c
.BI \-d \ debuglevel\fR]
[\c
+.BI \-H \ ldapuri\fR]
+[\c
.BI \-h \ ldaphost\fR]
[\c
.BR \-n ]
.B ldappasswd
must be compiled with LDAP_DEBUG defined for this option to have any effect.
.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
+.TP
+.BI \-p \ ldapport
+Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
.TP
.B \-n
Do not set password. (Can be useful when used in conjunction with
.BI \-s \ newPasswd
Set the new password to \fInewPasswd\fP.
.TP
-.BI \-p \ ldapport
-Specify an alternate port on which the ldap server is running.
-.TP
.B \-v
Increase the verbosity of output. Can be specified multiple times.
.TP
[\c
.BI \-w \ bindpasswd\fR]
[\c
+.BI \-H \ ldapuri\fR]
+[\c
.BI \-h \ ldaphost\fR]
[\c
.BI \-p \ ldapport\fR]
.BI \-w \ bindpasswd
Use \fIbindpasswd\fP as the password for simple authentication.
.TP
+.BI \-H \ ldapuri
+Specify URI(s) referring to the ldap server(s).
+.TP
.BI \-h \ ldaphost
Specify an alternate host on which the ldap server is running.
+Deprecated in favor of -H.
.TP
.BI \-p \ ldapport
Specify an alternate TCP port where the ldap server is listening.
+Deprecated in favor of -H.
.TP
.BI \-b \ searchbase
Use \fIsearchbase\fP as the starting point for the search instead of
slappasswd \- OpenLDAP password utility
.SH SYNOPSIS
.B SBINDIR/slappasswd
-.B [\-a]
.B [\-v]
+.B [\-u]
.B [\-s secret]
.B [\-h hash]
.B
.SH DESCRIPTION
.LP
.B Slappasswd
-is used to compute a hashed password suitable for use
-as a userPassword value
+is used to generate an userPassword value
+suitable for use with
+.BR ldapmodify (1)
+or
.BR slapd.conf (5)
-.BR rootpw .
+.I rootpw
+coniguration directive.
.SH OPTIONS
.TP
-.B \-a
-generate authPassword values instead of RFC2307 passwords
-.TP
.B \-v
enable verbose mode.
+.B \-u
+generate RFC2307 userPassword values (the default). Future
+versions of this program may generate alternative syntaxes
+by default. This option is provided for forward compatibility.
.TP
.BI \-s " secret"
The secret to hash. If not provided, the user will be prompted
for the secret to hash.
.TP
-.BI \-h " scheme"
-The hash scheme to use. RFC2307 schemes supported include
+If -h is specified, one of the following RFC2307 schemes may
+be specified:
.IR {CRYPT} ,
.IR {MD5} ,
.IR {SMD5} ,
The default is
.IR {SSHA} .
.LP
-If \-a is specified, the following authPassword schemes
-may be specified:
-.IR MD5 ,
-.IR SHA1 ", and"
-.IR X-CRYPT .
-The default is
-.IR SHA1 .
.SH LIMITATIONS
-The practice storing hashed passwords in userPassword
-violates Standard Track schema and may hinder
-interoperability. authPassword is not yet widely supported.
+The practice storing hashed passwords in userPassword violates
+Standard Track (RFC2256) schema specifications and may hinder
+interoperability. A new attribute type to hold hashed
+passwords is needed.
.SH "SECURITY CONSIDERATIONS"
Use of hashed passwords does not protect passwords during
protocol transfer. TLS or other eavesdropping protections
.BR ldappasswd (1),
.BR ldapmodify (1),
.BR slapd (8)
+.BR slapd.conf (5)
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS
-.B OpenLDAP
-is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
-.B OpenLDAP
-is derived from University of Michigan LDAP 3.3 Release.
+OpenLDAP is developed and maintained by
+The OpenLDAP Project (http://www.openldap.org/).
+OpenLDAP is derived from University of Michigan LDAP 3.3 Release.
# See ldap.conf(5) for details
# This file should be world readable.
-#BASE dc=OpenLDAP, dc=Org
-#URI ldap://ldap.openldap.org ldap://ldap-master.openldap.org:666
+#BASE dc=example, dc=com
+#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
return LDAP_SUCCESS;
}
-int
-ldap_start_tls_s ( LDAP *ld,
- LDAPControl **serverctrls,
- LDAPControl **clientctrls )
-{
-#ifdef HAVE_TLS
- LDAPConn *lc;
- int rc;
- char *rspoid = NULL;
- struct berval *rspdata = NULL;
-
- if (ld->ld_conns == NULL) {
- rc = ldap_open_defconn( ld );
- if (rc != LDAP_SUCCESS)
- return(rc);
- }
-
- for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) {
- if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0)
- return LDAP_OPERATIONS_ERROR;
-
- /* XXYYZ: this initiates operaton only on default connection! */
- rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS,
- NULL, serverctrls, clientctrls, &rspoid, &rspdata);
-
- if (rc != LDAP_SUCCESS)
- return rc;
- if (rspoid != NULL)
- LDAP_FREE(rspoid);
- if (rspdata != NULL)
- ber_bvfree(rspdata);
- rc = ldap_pvt_tls_start( ld, lc->lconn_sb, ld->ld_options.ldo_tls_ctx );
- if (rc != LDAP_SUCCESS)
- return rc;
- }
- return LDAP_SUCCESS;
-#else
- return LDAP_NOT_SUPPORTED;
-#endif
-}
-
int
ldap_int_open_connection(
LDAP *ld,
#include "portable.h"
-#ifdef HAVE_TLS
-
#include <stdio.h>
#include <ac/stdlib.h>
#include "ldap-int.h"
+#ifdef HAVE_TLS
+
#ifdef LDAP_R_COMPILE
#include <ldap_pvt_thread.h>
#endif
return NULL;
}
#endif
+#endif
+
+int
+ldap_start_tls_s ( LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls )
+{
+#ifdef HAVE_TLS
+ LDAPConn *lc;
+ int rc;
+ char *rspoid = NULL;
+ struct berval *rspdata = NULL;
+
+ if (ld->ld_conns == NULL) {
+ rc = ldap_open_defconn( ld );
+ if (rc != LDAP_SUCCESS)
+ return(rc);
+ }
+ for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) {
+ if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0)
+ return LDAP_OPERATIONS_ERROR;
+
+ /* XXYYZ: this initiates operaton only on default connection! */
+ rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS,
+ NULL, serverctrls, clientctrls, &rspoid, &rspdata);
+
+ if (rc != LDAP_SUCCESS)
+ return rc;
+ if (rspoid != NULL)
+ LDAP_FREE(rspoid);
+ if (rspdata != NULL)
+ ber_bvfree(rspdata);
+ rc = ldap_pvt_tls_start( ld, lc->lconn_sb, ld->ld_options.ldo_tls_ctx );
+ if (rc != LDAP_SUCCESS)
+ return rc;
+ }
+ return LDAP_SUCCESS;
#else
-static int dummy;
+ return LDAP_NOT_SUPPORTED;
#endif
+}
+
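Review bot: In the loop of `ldap_start_tls_s` the StartTLS extended operation is always sent through `ld`, which the in-code comment says reaches only the default connection, while `ldap_pvt_tls_start` is then run on `lc->lconn_sb` for each connection in the list. On a handle with more than one connection, a later iteration would presumably start a handshake on a socket whose server was never asked to switch, and any early `return rc` leaves earlier connections upgraded and the rest in cleartext. Since the function is now built in every configuration, document that contract above it, e.g. `/* Returns on the first failure; on any non-success result the session must be treated as unprotected. */`. The `return rc` right after `ldap_extended_operation_s` also skips the `LDAP_FREE(rspoid)` and `ber_bvfree(rspdata)` calls below it, which would leak if the call filled them in before failing.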