On Fri, Jun 26, 2009 at 02:37:32PM -0400, Victor Duchovni wrote:

> What exactly was working before and what did you change? You need
> a version of the LDAP library with debugging symbols. Then single-step
> "gdb" (debugging "postmap") through ldap_int_tls_init_ctx()
>
> called from ldap_pvt_tls_set_option().
> ----- openldap/libraries/libldap/tls.c line 332
>     case LDAP_OPT_X_TLS_NEWCTX:
>         if ( !arg ) return -1;
>         if ( lo->ldo_tls_ctx )
>             ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
>         lo->ldo_tls_ctx = NULL;
>         return ldap_int_tls_init_ctx( lo, *(int *)arg );
>
> called from ldap_set_option()
> ----- openldap/libraries/libldap/options.c line 332
> #ifdef HAVE_TLS
>     if ( ldap_pvt_tls_get_option( ld, option, outvalue ) == 0 ) {
>         return LDAP_OPT_SUCCESS;
>     }
> #endif

Sorry the calling code is on line 670 of options.c (in 2.4.11)

#ifdef HAVE_TLS
    if ( ldap_pvt_tls_set_option( ld, option, (void *)invalue ) == 0 )
        return LDAP_OPT_SUCCESS;
#endif

>
> called from dict_ldap_set_tls_options()
> ----- postfix/src/global/dict_ldap.c line 560 -----
> #ifdef LDAP_OPT_X_TLS_NEWCTX
>     if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &am_server))
>         != LDAP_SUCCESS) {
>         msg_warn("%s: Unable to allocate new TLS context %d: %s",
>                  myname, rc, ldap_err2string(rc));
>         return (-1);
>     }
> #endif
>
> This code works with Postfix and OpenLDAP both using OpenSSL, I don't
> have a GNUTLS build of OpenLDAP to test.

-- 
	Viktor.