From 4031750cbbf7d8c7803ed7379d42c1c1b4805a85 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Fri, 26 Jul 2013 23:43:40 +0200
Subject: Properly handle start_tls in pynslcd

---
 pynslcd/search.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pynslcd/search.py b/pynslcd/search.py
index f8c82fb..4c6f243 100644
--- a/pynslcd/search.py
+++ b/pynslcd/search.py
@@ -53,6 +53,10 @@ class Connection(ldap.ldapobject.ReconnectLDAPObject):
         # TODO: register a connection callback (like dis?connect_cb() in myldap.c)
         if cfg.ssl or cfg.uri.startswith('ldaps://'):
             self.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_HARD)
+        # TODO: the following should probably be done on the first search
+        #       together with binding, not when creating the connection object
+        if cfg.ssl == 'STARTTLS':
+            self.start_tls_s()
 
     def reconnect_after_fail(self):
         import invalidator
-- 
cgit v1.2.3-54-g00ecf