[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap and SSL with AD

To: Daniel Barron <ldaplist@jadeb.com>, openldap-software@OpenLDAP.org
Subject: Re: openldap and SSL with AD
From: Norbert Klasen <norbert+lists.openldap-software@burgundy.dyndns.org>
Date: Thu, 13 Feb 2003 18:31:14 +0100
Content-disposition: inline
In-reply-to: <af542ac44b.ldaplist@jadeb.com>
References: <af542ac44b.ldaplist@jadeb.com>

--On Donnerstag, 13. Februar 2003 14:49 +0000 Daniel Barron <ldaplist@jadeb.com> wrote:

I have set up the win2k AD to work with LDAPS on port 636 and I have
tested it to work with an windows ldap browser that works over SSL.  So
all that bits done.

But I have no idea how to change the code to make it connect using LDAPS.

I tried ldapsearch with the -ZZ option and -p 636 but all I got was:
ldap_init( 192.168.72.230, 636 )
ldap_start_tls: Can't contact LDAP server

You're mixing START_TLS (which normally uses port 389) and LDAPS. The -ZZ option requires START_TLS which is not supported by AD. Try using ldap_initilize("ldaps://192.168.72.230"). Unless you're server certificate containes a subjectAltName extension of type ip address, you'll also need to use the server's FQDN instead of its IP.

See also http://www.openldap.org/faq/data/cache/185.html

Norbert

Follow-Ups:
- Re: openldap and SSL with AD
  - From: Daniel Barron <ldaplist@jadeb.com>

References:
- openldap and SSL with AD
  - From: Daniel Barron <ldaplist@jadeb.com>

Prev by Date: RE: openldap and SSL with AD
Next by Date: Re: Can't contact LDAP server
Index(es):
- Chronological
- Thread