Decouple ldap-ssl-ads from ldap-ssl option

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

WHATSNEW.txt

@@ -17,6 +17,12 @@ NEW FEATURES/CHANGES
 ====================
 
 
+The "ldap ssl ads" option no longer depends on "ldap ssl" option:
+-----------------------------------------------------------------
+With this release, the "ldap ssl ads" can be set to "yes" even if "ldap ssl"
+is off.
+
+
 REMOVED FEATURES
 ================
 

docs-xml/smbdotconf/ldap/ldapsslads.xml

@@ -7,13 +7,10 @@
 	<para>This option is used to define whether or not Samba should
 	use SSL when connecting to the ldap server using
 	<emphasis>ads</emphasis> methods.
-	Rpc methods are not affected by this parameter. Please note, that
-	this parameter won't have any effect if <smbconfoption name="ldap ssl"/>
-	is set to <parameter>no</parameter>.
+	Rpc methods are not affected by this parameter.
 	</para>
 
-	<para>See <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
-	for more information on <smbconfoption name="ldap ssl"/>.
+	<para>See also <smbconfoption name="ldap ssl"/>.
 	</para>
 
 </description>

source3/include/smbldap.h

@@ -72,6 +72,7 @@ int smbldap_modify(struct smbldap_state *ldap_state,
                    const char *dn,
                    LDAPMod *attrs[]);
 int smbldap_start_tls(LDAP *ldap_struct, int version);
+int smbldap_start_tls_start(LDAP *ldap_struct, int version);
 int smbldap_setup_full_conn(LDAP **ldap_struct, const char *uri);
 int smbldap_search(struct smbldap_state *ldap_state,
 		   const char *base, int scope, const char *filter,

source3/lib/ABI/smbldap-2.1.0.sigs

@@ -0,0 +1,33 @@
+smbldap_add: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_delete: int (struct smbldap_state *, const char *)
+smbldap_extended_operation: int (struct smbldap_state *, const char *, struct berval *, LDAPControl **, LDAPControl **, char **, struct berval **)
+smbldap_free_struct: void (struct smbldap_state **)
+smbldap_get_ldap: LDAP *(struct smbldap_state *)
+smbldap_get_paged_results: bool (struct smbldap_state *)
+smbldap_get_single_attribute: bool (LDAP *, LDAPMessage *, const char *, char *, int)
+smbldap_has_control: bool (LDAP *, const char *)
+smbldap_has_extension: bool (LDAP *, const char *)
+smbldap_has_naming_context: bool (LDAP *, const char *)
+smbldap_init: NTSTATUS (TALLOC_CTX *, struct tevent_context *, const char *, bool, const char *, const char *, struct smbldap_state **)
+smbldap_make_mod: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const char *)
+smbldap_make_mod_blob: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const DATA_BLOB *)
+smbldap_modify: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_pull_sid: bool (LDAP *, LDAPMessage *, const char *, struct dom_sid *)
+smbldap_search: int (struct smbldap_state *, const char *, int, const char *, const char **, int, LDAPMessage **)
+smbldap_search_paged: int (struct smbldap_state *, const char *, int, const char *, const char **, int, int, LDAPMessage **, void **)
+smbldap_search_suffix: int (struct smbldap_state *, const char *, const char **, LDAPMessage **)
+smbldap_set_bind_callback: void (struct smbldap_state *, smbldap_bind_callback_fn, void *)
+smbldap_set_creds: bool (struct smbldap_state *, bool, const char *, const char *)
+smbldap_set_mod: void (LDAPMod ***, int, const char *, const char *)
+smbldap_set_mod_blob: void (LDAPMod ***, int, const char *, const DATA_BLOB *)
+smbldap_set_paged_results: void (struct smbldap_state *, bool)
+smbldap_setup_full_conn: int (LDAP **, const char *)
+smbldap_start_tls: int (LDAP *, int)
+smbldap_start_tls_start: int (LDAP *, int)
+smbldap_talloc_autofree_ldapmod: void (TALLOC_CTX *, LDAPMod **)
+smbldap_talloc_autofree_ldapmsg: void (TALLOC_CTX *, LDAPMessage *)
+smbldap_talloc_dn: char *(TALLOC_CTX *, LDAP *, LDAPMessage *)
+smbldap_talloc_first_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_blob: bool (TALLOC_CTX *, LDAP *, LDAPMessage *, const char *, DATA_BLOB *)
+smbldap_talloc_smallest_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)

source3/lib/smbldap.c

@@ -598,20 +598,27 @@ static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state)
 }
 
 /********************************************************************
- start TLS on an existing LDAP connection
+ start TLS on an existing LDAP connection per config
 *******************************************************************/
 
 int smbldap_start_tls(LDAP *ldap_struct, int version)
-{ 
-#ifdef LDAP_OPT_X_TLS
-	int rc,tls;
-#endif
-
+{
 	if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
 		return LDAP_SUCCESS;
 	}
 
+	return smbldap_start_tls_start(ldap_struct, version);
+}
+
+/********************************************************************
+ start TLS on an existing LDAP connection unconditionally
+*******************************************************************/
+
+int smbldap_start_tls_start(LDAP *ldap_struct, int version)
+{
 #ifdef LDAP_OPT_X_TLS
+	int rc,tls;
+
 	/* check if we use ldaps already */
 	ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls);
 	if (tls == LDAP_OPT_X_TLS_HARD) {

source3/libads/ldap.c

@@ -703,7 +703,7 @@ got_connection:
 	ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
 
 	if ( lp_ldap_ssl_ads() ) {
-		status = ADS_ERROR(smbldap_start_tls(ads->ldap.ld, version));
+		status = ADS_ERROR(smbldap_start_tls_start(ads->ldap.ld, version));
 		if (!ADS_ERR_OK(status)) {
 			goto out;
 		}

source3/wscript_build

@@ -501,7 +501,7 @@ bld.SAMBA3_LIBRARY('smbldap',
                     abi_directory='lib/ABI',
                     abi_match='smbldap_*',
                     pc_files=[],
-                    vnum='2',
+                    vnum='2.1.0',
                     public_headers='include/smbldap.h include/smb_ldap.h')
 
 bld.SAMBA3_LIBRARY('ads',