[PATCH] smbldap: don't try start tls on ldaps:// connections

Björn Jacke bj at sernet.de
Thu Dec 7 15:24:11 UTC 2017


From: Bjoern Jacke <bjacke at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6079

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
---
 source3/lib/smbldap.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 71166f6..ebefd04 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -604,7 +604,7 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state)
 int smbldap_start_tls(LDAP *ldap_struct, int version)
 { 
 #ifdef LDAP_OPT_X_TLS
-	int rc;
+	int rc,tls;
 #endif
 
 	if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
@@ -612,6 +612,12 @@ int smbldap_start_tls(LDAP *ldap_struct, int version)
 	}
 
 #ifdef LDAP_OPT_X_TLS
+	/* check if we use ldaps already */
+	ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls);
+	if (tls = LDAP_OPT_X_TLS_HARD) {
+		return LDAP_SUCCESS;
+	}
+
 	if (version != LDAP_VERSION3) {
 		DEBUG(0, ("Need LDAPv3 for Start TLS\n"));
 		return LDAP_OPERATIONS_ERROR;
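Review bot: The added check `if (tls = LDAP_OPT_X_TLS_HARD)` assigns instead of comparing, and since that constant is nonzero in OpenLDAP's ldap.h the branch is always taken, so smbldap_start_tls returns LDAP_SUCCESS before the StartTLS request is ever issued. With `ldap ssl = start tls` configured, a plain ldap:// connection would then continue in cleartext while the caller is told TLS setup succeeded, which exposes bind credentials and directory data on the wire. The return value of ldap_get_option is also ignored, so `tls` (declared uninitialised in the first hunk) could be read without having been set. I would write the guard as `if (ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls) == LDAP_OPT_SUCCESS && tls == LDAP_OPT_X_TLS_HARD) {` and build with `-Wparentheses` so the compiler flags this pattern. The rest of the function body lies outside the hunk, so the later StartTLS call and its error handling could not be checked here.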
-- 
2.7.4



