
Re: OpenLDAP-Client TLS



On 2012.11.16 03.45, Martin.Heinzmann@belden.com wrote:
> Hi,
> I am trying to write my own client which connects to an Active Directory
> and searches for a user. So far it works: I call "ldap_initialize", set
> version 3, "ldap_simple_bind_s" and then search the directory.
> Now I want the connection to be secure by executing a "Simple TLS
> handshake". I changed my hostname variable to "ldaps://ip:636" and tried
> "ldap_start_tls_s(ld,NULL,NULL)" before the bind but get a "can't contact
> LDAP server" error. I think my Active Directory is configured the right
> way because with JXplorer it works over SSL and port 636.
>
> Does anyone know which functions I have to call so a successful TLS
> connection will be set up?

I know very little about libldap and its routines, but I do know that LDAPS is not StartTLS, and StartTLS is not 636.

man 3 ldap_start_tls_s seems to specifically indicate that routine is strictly for StartTLS, not LDAPS. That would mean that you should be connecting to the regular LDAP port [389] - e.g. "ldap://hostname/", and then using ldap_start_tls_s. That wouldn't work with ldaps/636 [and LDAPS is deprecated anyway].

-ben