From: Nick Porter <nick@portercomputing.co.uk>
Date: Thu, 18 Jul 2024 08:06:57 +0000 (+0100)
Subject: Set tls_mode if LDAP scheme is ldaps://
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9718d1c2e33dff20dd94ad374006f7ac5420b376;p=thirdparty%2Ffreeradius-server.git

Set tls_mode if LDAP scheme is ldaps://

Allows for ldaps:// connections on ports other than 636 to be correctly
identified as using SSL
---

diff --git a/src/lib/ldap/util.c b/src/lib/ldap/util.c
index e58e7876250..77eed445b70 100644
--- a/src/lib/ldap/util.c
+++ b/src/lib/ldap/util.c
@@ -656,6 +656,7 @@ int fr_ldap_server_url_check(fr_ldap_config_t *handle_config, char const *server
 				cf_log_err(ci, "ldaps:// scheme is not compatible with 'start_tls'");
 				goto ldap_url_error;
 			}
+			handle_config->tls_mode = LDAP_OPT_X_TLS_HARD;
 		} else if (strcmp(ldap_url->lud_scheme, "ldapi") == 0) {
 			set_port_maybe = false;
 		}