lib-dict: Add option to enforce SSL

src/lib-dict/dict-ldap-settings.c

@@ -209,6 +209,16 @@ parse_setting(const char *key, const char *value,
 			}
 			return NULL;
 		}
+		if (strcmp(key, "require_ssl") == 0) {
+			if (strcasecmp(value, "yes") == 0) {
+				ctx->set->require_ssl = TRUE;
+			} else if (strcasecmp(value, "no") == 0) {
+				ctx->set->require_ssl = FALSE;
+			} else {
+				return "require_ssl must be either yes or no";
+			}
+			return NULL;
+		}
 		break;
 	case SECTION_MAP:
 		return parse_setting_from_defs(ctx->pool,

src/lib-dict/dict-ldap-settings.h

@@ -25,6 +25,7 @@ struct dict_ldap_settings {
 	unsigned int max_idle_time;
 	unsigned int debug;
 	unsigned int max_attribute_count;
+	bool require_ssl;
 	ARRAY(struct dict_ldap_map) maps;
 };
 

src/lib-dict/dict-ldap.c

@@ -160,6 +160,7 @@ int dict_ldap_connect(struct ldap_dict *dict, const char **error_r)
 	set.timeout_secs = dict->set->timeout;
 	set.max_idle_time_secs = dict->set->max_idle_time;
 	set.debug = dict->set->debug;
+	set.require_ssl = dict->set->require_ssl;
 	return ldap_client_init(&set, &dict->client, error_r);
 }