#
# Patch which enables access to LDAP database via LDAPI
#
# configuration for login.conf:
# :x-ldap-use-ldapi:\
# :x-ldap-server=/path/to/ldapi/socket:\
#
# Can be placed directly into ports (login_ldap/patches) dir
#
# Tested with login_ldap-3.3 and OpenBSD-3.9
#
# Auth: Maxim Bourmistrov, maximATchl.chalmers.se (maximATopenbsd.nu)
#
--- login_ldap.c.orig Tue Jan 23 18:58:43 2007
+++ login_ldap.c Tue Jan 23 19:05:04 2007
@@ -66,6 +66,7 @@
 #define CAP_LDAP_BASEDN "x-ldap-basedn"
 #define CAP_LDAP_FILTER "x-ldap-filter"
 #define CAP_LDAP_TLS "x-ldap-use-tls" /* bool */
+#define CAP_LDAP_LDAPI "x-ldap-use-ldapi" /* bool */
 #define CAP_LDAP_BINDDN "x-ldap-binddn"
 #define CAP_LDAP_BINDPW "x-ldap-bindpw"
 #define CAP_LDAP_GROUPFILTER "x-ldap-groupfilter"
@@ -654,11 +655,16 @@
 * so, something like ldaps://:123/ is still ok */
- if (login_getcapbool(lc, CAP_LDAP_TLS, 0) != 0)
+ if(login_getcapbool(lc, CAP_LDAP_LDAPI, 0) != 0) {
+ snprintf(ldapuri, sizeof(ldapuri), "ldapi://");
+ goto out;
+ } else if(login_getcapbool(lc, CAP_LDAP_TLS, 0) != 0) {
 snprintf(ldapuri, sizeof(ldapuri), "ldaps://");
- else
+ } else {
 snprintf(ldapuri, sizeof(ldapuri), "ldap://");
-
+ }
+
+
 if (server && strlcat(ldapuri, server, sizeof(ldapuri)) >= sizeof(ldapuri)) {
 syslog(LOG_ERR, CAP_LDAP_SERVER " (%s) made ldap uri too long:"
@@ -684,7 +690,8 @@
 (int)port, ldapuri);
 return(LA_FAIL_FATAL);
 }
-
+
+out:
 p = strdup(ldapuri);
 if (p == NULL) {
 syslog(LOG_ERR, "%m");
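Review bot: The LDAPI branch in the second hunk jumps to `out:` with the URI fixed at `ldapi://`, so the `x-ldap-server=/path/to/ldapi/socket` value documented in the patch header is never appended and the library presumably falls back to its built-in default socket. A login module that authenticates against a different socket than the one the administrator configured is worth avoiding; the path should be percent-encoded into the URI (an ldapi URI carries the socket path as its host part), or the header should say the setting is ignored. The branch also takes precedence over `x-ldap-use-tls` without a log line, which deserves a comment. The enclosing function starts and ends outside the hunk, so the types of `ldapuri` and `server` are inferred from their use here; `isalnum` needs `<ctype.h>`.

```c
	if (login_getcapbool(lc, CAP_LDAP_LDAPI, 0) != 0) {
		size_t n = strlcpy(ldapuri, "ldapi://", sizeof(ldapuri));
		const char *s;

		/* the socket path is the URI host part, so it is percent-encoded */
		for (s = server; s != NULL && *s != '\0'; s++) {
			/* room for "%XX" plus the terminating NUL */
			if (n + 4 > sizeof(ldapuri)) {
				syslog(LOG_ERR, CAP_LDAP_SERVER
				    " (%s) made ldapi uri too long", server);
				return(LA_FAIL_FATAL);
			}
			if (isalnum((unsigned char)*s) ||
			    strchr("-._~", *s) != NULL)
				ldapuri[n++] = *s;
			else
				n += snprintf(ldapuri + n, sizeof(ldapuri) - n,
				    "%%%02X", (unsigned char)*s);
		}
		ldapuri[n] = '\0';
		/* local socket: the TLS capability and the port are not consulted */
		goto out;
	} else if (login_getcapbool(lc, CAP_LDAP_TLS, 0) != 0) {
	/* … unchanged: ldaps:// and ldap:// branches, server and port append … */
```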