# HG changeset patch
# User Timo Sirainen <tss@iki.fi>
# Date 1204672260 -7200
# Node ID 0c7dc0b0bb7b3a8dac39a69e21f5805154ccc21c
# Parent  57ae4181bb32d145c984236e4e01acf9065fe6f7
Fail with a clear error if both tls=yes and ldaps:// URI is used.

diff -r 57ae4181bb32 -r 0c7dc0b0bb7b src/auth/db-ldap.c
--- a/src/auth/db-ldap.c	Wed Mar 05 00:57:17 2008 +0200
+++ b/src/auth/db-ldap.c	Wed Mar 05 01:11:00 2008 +0200
@@ -760,6 +760,11 @@
 #ifdef LDAP_HAVE_START_TLS_S
 		ret = ldap_start_tls_s(conn->ld, NULL, NULL);
 		if (ret != LDAP_SUCCESS) {
+			if (ret == LDAP_OPERATIONS_ERROR &&
+			    strncmp(conn->set.uris, "ldaps:", 6) == 0) {
+				i_fatal("LDAP: Don't use both tls=yes "
+					"and ldaps URI");
+			}
 			i_error("LDAP: ldap_start_tls_s() failed: %s",
 				ldap_err2string(ret));
 			return -1;