++ ld = NULL;
++#ifdef HAVE_LDAPSSL_INIT
++ if (options.host != NULL) {
++ if (options.ssl_on == SSL_LDAPS) {
++ if ((rc = ldapssl_client_init (options.sslpath, NULL)) != LDAP_SUCCESS)
++ fatal ("ldapssl_client_init %s", ldap_err2string (rc));
++ debug3 ("LDAPssl client init");
++ }
++
++ if (options.ssl_on != SSL_OFF) {
++ if ((ld = ldapssl_init (options.host, options.port, TRUE)) == NULL)
++ fatal ("ldapssl_init failed");
++ debug3 ("LDAPssl init");
++ }
++ }
++#endif /* HAVE_LDAPSSL_INIT */
++
++ /* continue with opening */
++ if (ld == NULL) {
++#if defined (HAVE_LDAP_START_TLS_S) || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS))
++ /* Some global TLS-specific options need to be set before we create our
++ * session context, so we set them here. */
++
++#ifdef LDAP_OPT_X_TLS_RANDOM_FILE
++ /* rand file */
++ if (options.tls_randfile != NULL) {
++ if ((rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE,
++ options.tls_randfile)) != LDAP_SUCCESS)
++ fatal ("ldap_set_option(LDAP_OPT_X_TLS_RANDOM_FILE): %s",
++ ldap_err2string (rc));
++ debug3 ("Set TLS random file %s", options.tls_randfile);
++ }
++#endif /* LDAP_OPT_X_TLS_RANDOM_FILE */
++
++ /* ca cert file */
++ if (options.tls_cacertfile != NULL) {
++ if ((rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE,
++ options.tls_cacertfile)) != LDAP_SUCCESS)
++ error ("ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE): %s",
++ ldap_err2string (rc));
++ debug3 ("Set TLS CA cert file %s ", options.tls_cacertfile);
++ }
++
++ /* ca cert directory */
++ if (options.tls_cacertdir != NULL) {
++ if ((rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR,
++ options.tls_cacertdir)) != LDAP_SUCCESS)
++ fatal ("ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR): %s",
++ ldap_err2string (rc));
++ debug3 ("Set TLS CA cert dir %s ", options.tls_cacertdir);
++ }
++
++ /* require cert? */
++ if ((rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
++ &options.tls_checkpeer)) != LDAP_SUCCESS)
++ fatal ("ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT): %s",
++ ldap_err2string (rc));
++ debug3 ("Set TLS check peer to %d ", options.tls_checkpeer);
++
++ /* set cipher suite, certificate and private key: */
++ if (options.tls_ciphers != NULL) {
++ if ((rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
++ options.tls_ciphers)) != LDAP_SUCCESS)
++ fatal ("ldap_set_option(LDAP_OPT_X_TLS_CIPHER_SUITE): %s",
++ ldap_err2string (rc));
++ debug3 ("Set TLS ciphers to %s ", options.tls_ciphers);
++ }
++
++ /* cert file */
++ if (options.tls_cert != NULL) {
++ if ((rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE,
++ options.tls_cert)) != LDAP_SUCCESS)
++ fatal ("ldap_set_option(LDAP_OPT_X_TLS_CERTFILE): %s",
++ ldap_err2string (rc));
++ debug3 ("Set TLS cert file %s ", options.tls_cert);
++ }
++
++ /* key file */
++ if (options.tls_key != NULL) {
++ if ((rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE,
++ options.tls_key)) != LDAP_SUCCESS)
++ fatal ("ldap_set_option(LDAP_OPT_X_TLS_KEYFILE): %s",
++ ldap_err2string (rc));
++ debug3 ("Set TLS key file %s ", options.tls_key);
++ }
++#endif
++#ifdef HAVE_LDAP_INITIALIZE
++ if (options.uri != NULL) {
++ if ((rc = ldap_initialize (&ld, options.uri)) != LDAP_SUCCESS)
++ fatal ("ldap_initialize %s", ldap_err2string (rc));
++ debug3 ("LDAP initialize %s", options.uri);
++ }
++ }
++#endif /* HAVE_LDAP_INTITIALIZE */
++
++ /* continue with opening */
++ if ((ld == NULL) && (options.host != NULL)) {
++#ifdef HAVE_LDAP_INIT
++ if ((ld = ldap_init (options.host, options.port)) == NULL)
++ fatal ("ldap_init failed");
++ debug3 ("LDAP init %s:%d", options.host, options.port);
++#else
++ if ((ld = ldap_open (options.host, options.port)) == NULL)
++ fatal ("ldap_open failed");
++ debug3 ("LDAP open %s:%d", options.host, options.port);
++#endif /* HAVE_LDAP_INIT */
++ }
++
++ if (ld == NULL)
++ fatal ("no way to open ldap");
++
++#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
++ if (options.ssl == SSL_LDAPS) {
++ if ((rc = ldap_set_option (ld, LDAP_OPT_X_TLS, &options.tls_checkpeer)) != LDAP_SUCCESS)
++ fatal ("ldap_set_option(LDAP_OPT_X_TLS) %s", ldap_err2string (rc));
++ debug3 ("LDAP set LDAP_OPT_X_TLS_%d", options.tls_checkpeer);
++ }
++#endif /* LDAP_OPT_X_TLS */
++
++#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_PROTOCOL_VERSION)
++ (void) ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION,
++ &options.ldap_version);
++#else
++ ld->ld_version = options.ldap_version;
++#endif
++ debug3 ("LDAP set version to %d", options.ldap_version);