Only issue a bind after STARTTLS has completed.

Issue: 19 Submitted by: mail [at] tinloaf.de
threerings · Feb 25, 2012 · 4a87c1a · 4a87c1a
1 parent 2d1568c
commit 4a87c1a
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/src/auth-ldap.m b/src/auth-ldap.m
@@ -278,14 +278,6 @@ static BOOL pf_open(struct ldap_ctx *ctx) {
             goto error;
     }
 
-    /* Bind if requested */
-    if ([config bindDN]) {
-        if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) {
-            [TRLog error: "Unable to bind as %s", [[config bindDN] cString]];
-            goto error;
-        }
-    }
-
     /* Certificate file */
     if ((value = [config tlsCACertFile])) 
         if (![ldap setTLSCACertFile: value])
@@ -311,6 +303,14 @@ static BOOL pf_open(struct ldap_ctx *ctx) {
         if (![ldap startTLS])
             goto error;
 
+    /* Bind if requested */
+    if ([config bindDN]) {
+        if (![ldap bindWithDN: [config bindDN] password: [config bindPassword]]) {
+            [TRLog error: "Unable to bind as %s", [[config bindDN] cString]];
+            goto error;
+        }
+    }
+
     return ldap;
 
     error: