From: Timo Sirainen
Date: Tue, 7 Apr 2026 20:10:31 +0000 (+0300)
Subject: lib-ldap: Use default ldap settings if not overridden by Dovecot config
X-Git-Tag: 2.4.4~78
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e448e9ea2b816ec77c4f9f59eb92ba2f317bc072;p=thirdparty%2Fdovecot%2Fcore.git

lib-ldap: Use default ldap settings if not overridden by Dovecot config

This fixes e.g. using system default CAs.
---
diff --git a/src/lib-ldap/ldap-utils.c b/src/lib-ldap/ldap-utils.c
index 8ed094e1ed..f1c7e91414 100644
--- a/src/lib-ldap/ldap-utils.c
+++ b/src/lib-ldap/ldap-utils.c
@@ -57,8 +57,22 @@ int ldap_set_opt_str(LDAP *ld, int opt, const char *value,
 {
 if (*value != '\0')
 return ldap_set_opt(ld, opt, value, optname, value, error_r);
- else
+
+ /* Copy it from global context. This allows getting defaults from
+ ldap.conf */
+ char *global_value;
+ if (ldap_get_option(NULL, opt, &global_value) != LDAP_SUCCESS)
+ i_unreached();
+ if (global_value == NULL)
 return 0;
+
+ int ret = 0;
+ if (global_value[0] != '\0') {
+ ret = ldap_set_opt(ld, opt, global_value, optname,
+ global_value, error_r);
+ }
+ free(global_value);
+ return ret;
 }
 
 #ifndef LDAP_OPT_X_TLS
@@ -85,6 +99,8 @@ int ldap_set_tls_options(LDAP *ld, bool starttls, const char *uris,
 settings_file_get(ssl_set->ssl_client_ca_file, unsafe_data_stack_pool, &ca_file);
+ ldap_init_defaults();
+
 if (ldap_set_opt_str(ld, LDAP_OPT_X_TLS_CACERTFILE, ca_file.path, "ssl_client_ca_file", error_r) < 0)
 return -1;
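Review bot: The string obtained from `ldap_get_option()` is released with `free()` at the end of the added fallback in ldap_set_opt_str, but libldap documents `ldap_memfree()` for strings it returns, and the two are only interchangeable while the library uses the default allocator; `ldap_memfree(global_value);` is the matching call. The failure branch just above it calls `i_unreached()`, so a library error for any `opt` this generic helper is handed becomes a process abort even though `error_r` is available; setting `*error_r` and returning -1 would keep an unexpected libldap build or option from taking the process down. The comment could also say that a later failure from `ldap_set_opt()` is presumably reported under Dovecot's `optname` while carrying a value that came from ldap.conf, which is otherwise confusing to diagnose. The function's signature begins before the hunk.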
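Review bot: The `ldap_init_defaults();` call in ldap_set_tls_options is added without a comment, although it marks the point where an empty `ssl_client_ca_file` stops meaning "no CA file configured" and starts meaning "whatever libldap's global context holds". Its definition is not part of this diff, so what it loads is inferred from the commit message; if it triggers libldap's usual default loading, the trust anchors for the LDAP connection can then come from ldap.conf, a per-user ldaprc or `LDAPTLS_*` environment variables of the Dovecot process, which is worth stating for operators who audit TLS verification. A comment such as `/* Load libldap's global defaults so that empty TLS settings below fall back to them. */` above the call would make that dependency visible. Since `ldap_set_opt_str()` reads the global context on every call, any caller that runs before this initialization (none is visible here) would depend on call order. The body of ldap_set_tls_options continues outside the hunk.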