From f989b6ee0db96c36f13f093cbbcfd1d5b472d03c Mon Sep 17 00:00:00 2001
From: Andre Heinecke
Date: Tue, 14 Jun 2016 19:22:52 +0200
Subject: [PATCH] dirmngr: Try ldap protocol V3 as fallback
* dirmngr/dirmngr_ldap.c (fetch_ldap): Try V3 Protocol in case default Protocol gives error.
--
Servers may have blocked V2 Protocol, in which case the bind will result in a Protocol Error. In that case we try again with v3 Protocol if the ldap libarary used to compile dirmngr supports V3.
Signed-off-by: Andre Heinecke
---
dirmngr/dirmngr_ldap.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
index a31b14a6f..9e12f88a3 100644
--- a/dirmngr/dirmngr_ldap.c
+++ b/dirmngr/dirmngr_ldap.c
@@ -641,6 +641,18 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
 /* Fixme: Can we use MYOPT->user or is it shared with other theeads?. */
 ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
 npth_protect ();
+#ifdef LDAP_VERSION3
+ if (ret == LDAP_PROTOCOL_ERROR)
+ {
+ int version = LDAP_VERSION3;
+ /* Protocol error could mean that the server only supports v3 */
+ npth_unprotect ();
+ log_debug ("Protocol error, retrying bind with V3 Protocol. \n");
+ ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+ ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
+ npth_protect ();
+ }
+#endif
 if (ret)
 {
 log_error (_("binding to '%s:%d' failed: %s\n"),
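Review bot: The return value of `ldap_set_option` in the added retry block is ignored, so if the option cannot be set the second `my_ldap_simple_bind_s` runs with the unchanged protocol version and presents `myopt->user` and `myopt->pass` to the server a second time for no gain. Guard the retry, e.g. `if (!ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version))` around the second bind, and otherwise leave `ret` at the protocol error so the existing `if (ret)` path reports it. The `log_debug` call also sits between `npth_unprotect ()` and `npth_protect ()`; unless the log functions are meant to be called in that window, moving it above `npth_unprotect ()` looks safer. The existing Fixme about `myopt->user` possibly being shared with other threads applies to the retried bind as well. fetch_ldap starts and ends outside this hunk.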