[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7843) ldap_set_option on LDAP not working

Full_Name: Kory Prince
Version: 2.4.39
OS: Linux (Arch/Ubuntu)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

Consider the following code:

#include <stdio.h>
#include <ldap.h>

void main() {
    LDAP *ld;
    int status = ldap_initialize(&ld, "ldaps://server:636");
    if (status == LDAP_SUCCESS) {
        printf("initialize success\n");
    status = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
    status = ldap_simple_bind_s(ld, "bindDN", "pass");
    if (status == LDAP_SUCCESS) {
        printf("bind success\n");
    else {
        printf("%s\n", ldap_err2string(status));

This works as expected. However changing the set_option line to 

status = ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE,

(setting the option on the LDAP) causes the bind to fail. 

Using python-ldap gives me a bit more info:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed (unable to get local issuer certificate)

I have compiled libldap 2.4.39 on Arch and Ubuntu and am getting the same

Interestingly enough, the version that comes packaged on Ubuntu 12.04 (2.4.28)
works fine, but compiling that version myself gives the same error.