dirmngr: Try ldap protocol V3 as fallback

* dirmngr/dirmngr_ldap.c (fetch_ldap): Try V3 Protocol in case
default Protocol gives error.

--
Servers may have blocked V2 Protocol, in which case the
bind will result in a Protocol Error. In that case we try
again with v3 Protocol if the ldap libarary used to compile
dirmngr supports V3.

Signed-off-by: Andre Heinecke <[email protected]>

1 files changed, 12 insertions, 0 deletions

diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
index a31b14a6f..9e12f88a3 100644
--- a/dirmngr/dirmngr_ldap.c
+++ b/dirmngr/dirmngr_ldap.c
@@ -641,6 +641,18 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
   /* Fixme:  Can we use MYOPT->user or is it shared with other theeads?.  */
   ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
   npth_protect ();
+#ifdef LDAP_VERSION3
+  if (ret == LDAP_PROTOCOL_ERROR)
+    {
+      int version = LDAP_VERSION3;
+      /* Protocol error could mean that the server only supports v3 */
+      npth_unprotect ();
+      log_debug ("Protocol error, retrying bind with V3 Protocol. \n");
+      ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+      ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
+      npth_protect ();
+    }
+#endif
   if (ret)
     {
       log_error (_("binding to '%s:%d' failed: %s\n"),