Guess what? Just picked up a pearl in the sea of the internet:
http://www.mailinglistarchive.com/[email protected]/msg57688.html
Basically, it seems to be a feature introduced at the beginning of the
openldap 2.4 version. We need to set LDAP_OPT_X_TLS_REQUIRE_CERT on an ldap
handle (already initialized), and set LDAP_OPT_X_TLS_NEWCTX (with a value of
0) thereafter:
#include <assert.h>
#include <ldap.h>

int require_cert = LDAP_OPT_X_TLS_DEMAND; // e.g. verify the peer certificate
int am_server = 0;                        // 1 only if the code is compiled for the server
int rc;

rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &require_cert);
assert(rc == LDAP_OPT_SUCCESS);
rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &am_server); // 0 = client context, 1 = server context
assert(rc == LDAP_OPT_SUCCESS);
Now the option works as per connection, rather than as per process.
Cheers,
Qiang