smbldap: don't try start tls on ldaps:// connections

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6079

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Jan  2 18:01:17 CET 2018 on sn-devel-144

diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 71166f649bea844ceb084791c69752648ba2e86c..5a67ab79058dd0cec331d12c86b7b99370731532 100644 (file)
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -604,7 +604,7 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state)
 int smbldap_start_tls(LDAP *ldap_struct, int version)
 { 
 #ifdef LDAP_OPT_X_TLS
-       int rc;
+       int rc,tls;
 #endif
 
        if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
@@ -612,6 +612,12 @@ int smbldap_start_tls(LDAP *ldap_struct, int version)
        }
 
 #ifdef LDAP_OPT_X_TLS
+       /* check if we use ldaps already */
+       ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls);
+       if (tls == LDAP_OPT_X_TLS_HARD) {
+               return LDAP_SUCCESS;
+       }
+
        if (version != LDAP_VERSION3) {
                DEBUG(0, ("Need LDAPv3 for Start TLS\n"));
                return LDAP_OPERATIONS_ERROR;