Index: http_auth.c
===================================================================
--- http_auth.c (revision 782)
+++ http_auth.c (working copy)
@@ -49,6 +49,8 @@
 };
 #endif
+handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s);
+
 static const char base64_pad = '=';
 static const short base64_reverse_table[256] = {
@@ -577,11 +581,17 @@
 /* 2. */
- if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
+ if (p->conf.ldap == NULL ||
+ LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
+ if (auth_ldap_init(srv, &p->conf) != HANDLER_GO_ON)
+ return -1;
+ if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "ldap:", ldap_err2string(ret), "filter:", p->ldap_filter);
 return -1;
+ }
 }
 if (NULL == (first = ldap_first_entry(p->conf.ldap, lm))) {
Index: mod_auth.c
===================================================================
--- mod_auth.c (revision 782)
+++ mod_auth.c (working copy)
@@ -12,7 +12,9 @@
 #include "log.h"
 #include "response.h"
+handler_t auth_ldap_init(server *srv, mod_auth_plugin_config *s);
+
 /**
 * the basic and digest auth framework
 *
@@ -505,8 +507,25 @@
 close(fd);
 }
 break;
- case AUTH_BACKEND_LDAP:
+ case AUTH_BACKEND_LDAP: {
+ handler_t ret = auth_ldap_init(srv, s);
+ if (ret == HANDLER_ERROR)
+ return (ret);
+ break;
+ }
+ default:
+ break;
+ }
+ }
+
+ return HANDLER_GO_ON;
+}
+
+handler_t
+auth_ldap_init(server *srv, mod_auth_plugin_config *s)
+{
 #ifdef USE_LDAP
+ int ret;
 #if 0
 if (s->auth_ldap_basedn->used == 0) {
 log_error_write(srv, __FILE__, __LINE__, "s", "ldap: auth.backend.ldap.base-dn has to be set");
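Review bot: The prototype for `auth_ldap_init` is hand-copied into this file and again at the top of mod_auth.c, so a later change to the signature in one place will not be caught by the compiler. Declaring it once in the shared header that already provides `mod_auth_plugin_config`, and including that header from both files, keeps the definition and its callers checked against each other.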
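Review bot: The retry added at the `/* 2. */` step re-runs `auth_ldap_init` after any `ldap_search_s` failure, not only a lost connection, and nothing visible here releases the old `p->conf.ldap` handle first. Because `p->ldap_filter` is presumably built from request data, a client whose input makes the search fail would force a fresh connect on every request; if the init routine overwrites the handle without unbinding (most of its body is outside this diff), each such request also leaks a connection. Restricting the reconnect to `LDAP_SERVER_DOWN` and calling `ldap_unbind_s` on the stale handle before re-initialising bounds that cost. It is also worth confirming that `p->conf` is the long-lived configuration and not a per-request copy, otherwise the new handle is lost once this request ends. The enclosing function starts and ends outside the hunk.

```c
/* … unchanged: filter construction above the "2." step … */
/* a missing handle is treated like a dropped connection */
ret = (p->conf.ldap != NULL)
	? ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm)
	: LDAP_SERVER_DOWN;

if (LDAP_SERVER_DOWN == ret) {
	/* reconnect only on a connection-level failure, and drop the dead handle first */
	if (p->conf.ldap != NULL) {
		ldap_unbind_s(p->conf.ldap);
		p->conf.ldap = NULL;
	}
	if (auth_ldap_init(srv, &p->conf) != HANDLER_GO_ON)
		return -1;
	ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm);
}

if (LDAP_SUCCESS != ret) {
	log_error_write(srv, __FILE__, __LINE__, "sssb", "ldap:", ldap_err2string(ret), "filter:", p->ldap_filter);
	return -1;
}
/* … unchanged: ldap_first_entry() handling … */
```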
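Review bot: `auth_ldap_init` becomes a non-static function with two callers (the config loop in this hunk and the search path in http_auth.c) but has no comment stating its contract. A header comment such as `/* (re)initialise s->ldap from the auth.backend.ldap.* settings; returns HANDLER_GO_ON on success, HANDLER_ERROR on failure; may be called again after a failed search */` would make the re-entry expectation explicit, and it is the right place to say whether a previous handle is released. The two callers also test the result differently (`== HANDLER_ERROR` here, `!= HANDLER_GO_ON` in http_auth.c), which the comment should settle. The function body continues beyond this hunk.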
@@ -546,6 +565,7 @@
 }
 if (s->auth_ldap_starttls) {
+#if 0
 if (buffer_is_empty(s->auth_ldap_cafile)) {
 log_error_write(srv, __FILE__, __LINE__, "s", "CA file has to be set");
@@ -558,6 +578,7 @@
 return HANDLER_ERROR;
 }
+#endif
 if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap, NULL, NULL))) {
 log_error_write(srv, __FILE__, __LINE__, "ss", "ldap startTLS failed:", ldap_err2string(ret));
@@ -586,13 +607,7 @@
 log_error_write(srv, __FILE__, __LINE__, "s", "no ldap support available");
 return HANDLER_ERROR;
 #endif
- break;
- default:
- break;
- }
- }
-
- return HANDLER_GO_ON;
+ return HANDLER_GO_ON;
 }
 int mod_auth_plugin_init(plugin *p) {
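Review bot: The `#if 0` opened in this hunk and closed by the `#endif` in the next one (`@@ -558`) compiles out the "CA file has to be set" check and whatever sits between the two hunks. As a result `ldap_start_tls_s` runs with the library's default trust settings, and a configured `auth_ldap_cafile` appears to be ignored without any message. Credentials sent over this connection then rely on system-wide LDAP TLS configuration for server-certificate verification. If the aim is to make the CA file optional, guard the block with `if (!buffer_is_empty(s->auth_ldap_cafile)) {` and keep the option-setting code live instead of disabling it; the change also looks unrelated to the reconnect logic and would be easier to review as its own commit. The lines between the two hunks are not visible here, so confirm exactly what is being disabled.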