Only in .: Makefile
diff -u ../auth_ldap-1.6.0/auth_ldap.c ./auth_ldap.c
--- ../auth_ldap-1.6.0/auth_ldap.c	Wed Jul  4 07:38:03 2001
+++ ./auth_ldap.c	Thu Jan  2 15:13:29 2003
@@ -186,6 +186,20 @@
     }
 #endif /* LDAP_SDK_VERSION */
 
+    /* make sure that if we are trying to use startTLS, we've got version 3. */
+    if (sec->starttls)
+      sec->version = LDAP_VERSION3;
+
+    /* set the LDAP protocol version. */
+    if (result = ldap_set_option(sec->ldc->ldap, LDAP_OPT_PROTOCOL_VERSION,
+                                 &(sec->version)) != LDAP_SUCCESS) {
+      ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, r,
+                    "Setting LDAP version option failed: %s", 
+                    ldap_err2string(result));
+    }
+
+
+    
 #ifdef WITH_SSL
     if (sec->secure) {
       ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
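Review bot: The condition on the added `ldap_set_option` call stores the comparison rather than the return code: `!=` binds tighter than `=`, so `result` ends up 0 or 1 and `ldap_err2string(result)` logs the text for code 1 whatever the real failure was. The same expression sat in the removed StartTLS branch, so the patch carries the bug forward; assign first and compare afterwards. Separately, `sec->starttls` is read here outside any visible `#ifdef HAVE_TLS`, while the auth_ldap.h hunk shows that member declared only under that macro, so a build without TLS would presumably not compile unless a guard exists outside the hunk. A failure is only logged as a warning and processing continues, which deserves a second look for the case where version 3 was being forced for StartTLS. The enclosing function starts and ends outside the hunk.

```c
#ifdef HAVE_TLS
    /* StartTLS is only defined for LDAPv3. */
    if (sec->starttls)
      sec->version = LDAP_VERSION3;
#endif

    result = ldap_set_option(sec->ldc->ldap, LDAP_OPT_PROTOCOL_VERSION,
                             &(sec->version));
    if (result != LDAP_SUCCESS) {
      /* ... unchanged: ap_log_rerror warning with ldap_err2string(result) ... */
    }
```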
@@ -215,7 +229,6 @@
 
 #ifdef HAVE_TLS
     if (sec->starttls) {
-      int version = LDAP_VERSION3;
       /* 
 	 In auth_ldap_find_connection, we compare ldc->withtls to
 	 sec->starttls to see if we have a cache match. On the off
@@ -223,16 +236,6 @@
 	 some other true value besides 1, we set it to 1 here to ensure
 	 that the comparison succeeds.
       */
-
-      /* Also we have to set the connection to use protocol version 3,
-	 since we're using TLS. */
-      if (result = ldap_set_option(sec->ldc->ldap, LDAP_OPT_PROTOCOL_VERSION,
-				   &version) != LDAP_SUCCESS) {
-	ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, r,
-		      "Setting LDAP version option failed: %s", 
-		      ldap_err2string(result));
-      }
-
       sec->starttls = 1;
       ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
 		    "{%d} Starting TLS for this connection", 
@@ -1004,6 +1007,10 @@
    "values \"never\", \"searching\", \"finding\", or \"always\". "
    "Defaults to always."},
 
+  {"AuthLDAPVersion", auth_ldap_set_version, NULL, OR_AUTHCFG, TAKE1,
+   "Set the LDAP Version that will be used to talk to the LDAP server.  "
+   "May be 2 or 3.  If you are using StartTLS, version 3 is forced."},
+  
   {"AuthLDAPEnabled", ap_set_flag_slot,
    (void *)XtOffsetOf(auth_ldap_config_rec, enabled), OR_AUTHCFG, FLAG,
    "Set to off to disable auth_ldap, even if it's been enabled in a higher tree"
Only in .: auth_ldap.c~
diff -u ../auth_ldap-1.6.0/auth_ldap.h ./auth_ldap.h
--- ../auth_ldap-1.6.0/auth_ldap.h	Sat Apr  7 13:20:17 2001
+++ ./auth_ldap.h	Thu Jan  2 15:06:28 2003
@@ -259,7 +259,8 @@
 #ifdef HAVE_TLS
   int starttls;                 /* True if StartTLS */
 #endif
-    
+
+  int version;                  /* used to store the LDAP_VERSION param.*/
 } auth_ldap_config_rec;
 
 struct groupattr_entry {
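Review bot: The comment on the new `version` member, `/* used to store the LDAP_VERSION param.*/`, names a parameter that appears nowhere else in the patch; the directive is AuthLDAPVersion. I would write `/* LDAP protocol version (LDAP_VERSION2 or LDAP_VERSION3), set by AuthLDAPVersion */` so the valid values and the source of the setting are stated at the declaration. The struct definition starts outside the hunk.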
@@ -323,6 +324,8 @@
 					   auth_ldap_config_rec *sec, char *f);
 extern const char *auth_ldap_set_deref(cmd_parms *cmd, 
 				       auth_ldap_config_rec *sec, char *f);
+extern const char *auth_ldap_set_version(cmd_parms *cmd, 
+				       auth_ldap_config_rec *sec, char *f);
 extern void *create_auth_ldap_config(pool *p, server_rec *s);
 extern int auth_ldap_display_info(request_rec *r);
 extern const char *auth_ldap_version;
Only in .: auth_ldap.h~
Only in .: auth_ldap.o
Only in .: auth_ldap.so
diff -u ../auth_ldap-1.6.0/auth_ldap.xml ./auth_ldap.xml
--- ../auth_ldap-1.6.0/auth_ldap.xml	Wed Jul  4 07:38:54 2001
+++ ./auth_ldap.xml	Thu Jan  2 15:18:19 2003
@@ -661,7 +661,7 @@
 	    LDAP, use <vartext>ldaps</vartext> instead. Secure LDAP is only
 	    available if &authldap; was compiled with SSL
 	    support.
-	  </td>
+  </td>
 	</tr>
 	<tr valign="top">
 	  <td colspan="1" align="left">host:port</td>
@@ -765,6 +765,17 @@
 
     </directive-doc>
 
+    <directive-doc name="AuthLDAPVersion" context="directory, .htaccess" override="AuthConfig" status="Extension" module="auth_ldap">
+      <syntax>
+	<syn-flag default="2"/>
+      </syntax>
+
+      <p>
+	Set to the version of the LDAP protocol you want to use, either 2 
+	or 3.  If you are using StartTLS, version 3 will be forced.
+      </p>
+    </directive-doc>
+
   </section>
 
   <section title="The require Directives" anchor="requiredirectives">
Only in .: auth_ldap.xml~
Only in .: auth_ldap_cache.o
Only in .: auth_ldap_cache_mgr.o
diff -u ../auth_ldap-1.6.0/auth_ldap_config.c ./auth_ldap_config.c
--- ../auth_ldap-1.6.0/auth_ldap_config.c	Wed Jul  4 07:40:00 2001
+++ ./auth_ldap_config.c	Thu Jan  2 15:14:51 2003
@@ -50,6 +50,8 @@
   sec->user_is_dn = 0;
   sec->compare_dn_on_server = 0;
 
+  sec->version = LDAP_VERSION2;
+  
   return sec;
 }
 
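Review bot: The new default `sec->version = LDAP_VERSION2;` pins every non-StartTLS connection to LDAPv2, because the auth_ldap.c change now calls `ldap_set_option` with this value unconditionally. Judging by the removed lines, the protocol version was previously set only for StartTLS and otherwise left to the SDK default. If any supported SDK defaults to version 3, existing configurations are silently downgraded, so this should be confirmed before merging. At minimum the choice should be documented at the assignment, e.g. `/* LDAPv2 by default for compatibility; forced to LDAP_VERSION3 when StartTLS is on */`. The enclosing function starts outside the hunk.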
@@ -182,6 +184,16 @@
   return NULL;
 }
 
+const char *
+auth_ldap_set_version(cmd_parms *cmd, auth_ldap_config_rec *sec, char *arg)
+{
+  int version = atoi(arg);
+  if (version != 2 && version != 3)
+    return "AuthLDAPVersion must be either 2 or 3";
+  sec->version = version;
+  return NULL;
+}
+
 const char *
 auth_ldap_add_group_attribute(cmd_parms *cmd, auth_ldap_config_rec *sec, char *arg)
 {
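Review bot: `atoi(arg)` in `auth_ldap_set_version` accepts any string that merely begins with a valid digit, so `AuthLDAPVersion 3x` or `2.5` is taken as 3 or 2 without complaint, and its behaviour is undefined when the value does not fit in an int. Since only two values are legal, compare the argument text exactly and store the SDK constants rather than the parsed number. The function would also benefit from a header comment stating that it returns NULL on success and a static error string otherwise.

```c
const char *
auth_ldap_set_version(cmd_parms *cmd, auth_ldap_config_rec *sec, char *arg)
{
  if (strcmp(arg, "2") == 0)
    sec->version = LDAP_VERSION2;
  else if (strcmp(arg, "3") == 0)
    sec->version = LDAP_VERSION3;
  else
    return "AuthLDAPVersion must be either 2 or 3";
  return NULL;
}
```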
Only in .: auth_ldap_config.c~
Only in .: auth_ldap_config.o
Only in .: config.cache
Only in .: config.log
Only in .: config.status
