From 01897ebb9ef00e81c1ce56a2db93bf5be9fa7475 Mon Sep 17 00:00:00 2001
From: Fredrik Thulin
Date: Thu, 3 Mar 2011 10:31:30 +0100
Subject: [PATCH] Use LDAPv3 instead of LDAPv2. LDAPv2 was declared historical in 2003, and is now not supported by for example Mac OS X Server's Open Directory. Patch by maxsanna81@gmail.com.
---
 pam_yubico.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pam_yubico.c b/pam_yubico.c
index 21dc98e..ebadfc2 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -220,6 +220,7 @@ authorize_user_token_ldap (const char *ldap_uri,
 D(("called"));
 int retval = 0;
+ int protocol;
 #ifdef HAVE_LIBLDAP
 LDAP *ld;
 LDAPMessage *result, *e;
@@ -272,6 +273,10 @@ authorize_user_token_ldap (const char *ldap_uri,
 }
 }
+ /* LDAPv2 is historical -- RFC3494. */
+ protocol = LDAP_VERSION3;
+ ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &protocol);
+
 /* Bind anonymously to the LDAP server. */
 rc = ldap_simple_bind_s (ld, NULL, NULL);
 if (rc != LDAP_SUCCESS)
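Review bot: `int protocol;` is declared above `#ifdef HAVE_LIBLDAP`, while its only visible use, in the second hunk, operates on `ld`, which exists only inside that guard. A build without libldap therefore gets an unused variable and a warning. Moving the declaration under the guard next to `LDAP *ld;` keeps the non-LDAP build clean, and it can carry its value directly as `int protocol = LDAP_VERSION3;`. The function body starts and ends outside this hunk, so the exact extent of the guard is inferred from the lines shown.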
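Review bot: The result of `ldap_set_option` is discarded, so if the library rejects `LDAP_OPT_PROTOCOL_VERSION` the anonymous bind below still runs at whatever protocol version the handle defaults to. The failure then surfaces only as an unexplained bind or search error in a function that decides whether a token belongs to a user. Check the call, e.g. `if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &protocol) != LDAP_OPT_SUCCESS)`, log it through the existing `D((...))` macro and take the function's failure exit. The cleanup of `ld` on that path should follow whatever the surrounding error branches do, which lie outside this hunk.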