Resolves: bug 469261

Bug Description: Support server-to-server SASL - part 4 - pta, winsync
Reviewed by: nhosoi (Thanks!)
Fix Description: Allow pass through auth (PTA) to use starttls.  PTA uses the old style argv config params, so I just added an optional starttls (0, 1) to the end of the list, since there is currently no way to encode the startTLS extop in the LDAP URL.  NOTE: adding support for true pass through auth for sasl or external cert auth will require a lot of work - not sure it's worth it - anyone other than console users can use chaining backend instead.
For windows sync, I just ported the same slapi_ldap_init/slapi_ldap_bind changes made to regular replication to the windows specific code.  The Windows code still needs the do_simple_bind function to check the windows password, but it is not used for server to server bind anymore.  NOTE: Windows does support startTLS, but I did not test the SASL mechanisms with Windows.
Platforms tested: Fedora 9
Flag Day: no
Doc impact: yes

1 files changed, 3 insertions, 2 deletions

diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c
index 027f8c1c..03d61897 100644
--- a/ldap/servers/plugins/replication/repl5_connection.c
+++ b/ldap/servers/plugins/replication/repl5_connection.c
@@ -991,9 +991,10 @@ conn_connect(Repl_Connection *conn)
 			conn->last_operation = CONN_INIT;
 			conn->last_ldap_error = LDAP_LOCAL_ERROR;
 			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-				"%s: Failed to establish %sconnection to the consumer\n",
+				"%s: Failed to establish %s%sconnection to the consumer\n",
 				agmt_get_long_name(conn->agmt),
-				secure ? "secure " : "");
+				secure ? "secure " : "",
+				(secure == 2) ? "startTLS " : "");
 			ber_bvfree(creds);
 			creds = NULL;
 			return return_value;