From ccaab3da7633caa2761d51726da2d3fc3ae6d696 Mon Sep 17 00:00:00 2001
From: Aki Tuomi
Date: Mon, 11 Apr 2016 22:56:40 +0300
Subject: [PATCH] lib-dict: Add option to enforce SSL
---
 src/lib-dict/dict-ldap-settings.c | 10 ++++++++++
 src/lib-dict/dict-ldap-settings.h | 1 +
 src/lib-dict/dict-ldap.c | 1 +
 3 files changed, 12 insertions(+)
diff --git a/src/lib-dict/dict-ldap-settings.c b/src/lib-dict/dict-ldap-settings.c
index 2d498170fb..df793a5b73 100644
--- a/src/lib-dict/dict-ldap-settings.c
+++ b/src/lib-dict/dict-ldap-settings.c
@@ -209,6 +209,16 @@ parse_setting(const char *key, const char *value,
 }
 return NULL;
 }
+ if (strcmp(key, "require_ssl") == 0) {
+ if (strcasecmp(value, "yes") == 0) {
+ ctx->set->require_ssl = TRUE;
+ } else if (strcasecmp(value, "no") == 0) {
+ ctx->set->require_ssl = FALSE;
+ } else {
+ return "require_ssl must be either yes or no";
+ }
+ return NULL;
+ }
 break;
 case SECTION_MAP:
 return parse_setting_from_defs(ctx->pool,
diff --git a/src/lib-dict/dict-ldap-settings.h b/src/lib-dict/dict-ldap-settings.h
index a56b300e22..dadd32121b 100644
--- a/src/lib-dict/dict-ldap-settings.h
+++ b/src/lib-dict/dict-ldap-settings.h
@@ -25,6 +25,7 @@ struct dict_ldap_settings {
 unsigned int max_idle_time;
 unsigned int debug;
 unsigned int max_attribute_count;
+ bool require_ssl;
 ARRAY(struct dict_ldap_map) maps;
 };
diff --git a/src/lib-dict/dict-ldap.c b/src/lib-dict/dict-ldap.c
index 8b64739132..6344681bee 100644
--- a/src/lib-dict/dict-ldap.c
+++ b/src/lib-dict/dict-ldap.c
@@ -160,6 +160,7 @@ int dict_ldap_connect(struct ldap_dict *dict, const char **error_r)
 set.timeout_secs = dict->set->timeout;
 set.max_idle_time_secs = dict->set->max_idle_time;
 set.debug = dict->set->debug;
+ set.require_ssl = dict->set->require_ssl;
 return ldap_client_init(&set, &dict->client, error_r);
 }
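Review bot: In the parse_setting hunk of dict-ldap-settings.c, `require_ssl` is assigned only when the key appears in the config, so the value used when it is omitted comes from an initialisation this patch does not show. If that initial value is zero, enforcement is opt-in and an unencrypted LDAP connection stays the default, so the default should be set explicitly where the other defaults are assigned. The new struct field should also say so, for example `bool require_ssl; /* refuse the connection unless it is TLS-protected; default: no */`. The hand-written yes/no comparison is worth checking against how other boolean settings in this parser are read, so the accepted spellings stay consistent. parse_setting begins and ends outside the hunk.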
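Review bot: In the dict_ldap_connect hunk of dict-ldap.c, `set.require_ssl` is only copied into the client settings, so enforcement rests entirely on ldap_client_init, which is not part of this patch. Confirm that it fails closed, returning an error through `error_r` before any bind credentials are sent when the flag is set and the session is not encrypted. It is also worth checking that certificate verification settings reach the client, since encryption without peer verification does not stop an active interceptor; the visible lines copy only the timeout, idle time and debug values. A comment such as `/* enforced in ldap_client_init(): connection is refused unless TLS is active */` above the new assignment would record where the check lives. The function starts above the hunk.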