
RE: Connect to LDAP via ssl failed



WRT Active Directory, I believe that the AD server has to have a valid
certificate with the fully qualified domain name of the server as the CN
in the certificate. I had the same problem, not being able to connect to
an Active Directory via SSL with ldapsearch from Red Hat Linux, and the
certificate that was issued to the AD server by our MS CA had expired.

I generated a new certificate with OpenSSL, imported it into the
Personal Computer store, and the Trusted Root CA store on the AD server,
and then I was able to use SSL with ldapsearch to connect to the AD
server.

If I'm way off on this one, someone please correct me.

Regards,
Andy.


-----Original Message-----
From: afardong [mailto:afardong@263.sina.com] 
Sent: Thursday, December 05, 2002 1:38 AM
To: openldap-software@OpenLDAP.org
Subject: Connect to LDAP via ssl failed


Hi,

I am trying to perform some searching jobs with VC from a remote LDAP
server or Active Directory. The job is divided into the following steps:
ldap_init, ldap_set_option (version 3), ldap_connect, ldap_bind_s, then
ldap_search_s and print the results etc. The code runs well with those
steps, but when I try to connect to the remote LDAP server via SSL, a
problem comes up. Using ldap_sslinit instead of ldap_init, I get the error
"Cannot contact the LDAP server." every time when doing ldap_connect. I use
netstat to monitor the connection status and did find that the code got
connected to the remote server (port 636).

Could anyone give me some advice? Thanks :-)

afar
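
The two certificate conditions raised in the reply above (an expired certificate, and a certificate name that is not the server's FQDN) can be checked as follows. This is an added example, not code from either poster. The function names, the sample certificate and the hostnames are hypothetical, and checking subjectAltName before the CN is an assumption that reflects current TLS clients.

```python
import socket
import ssl
import time


def cert_problems(cert, fqdn, now=None):
    """Reasons a client would reject `cert` (a dict as from getpeercert())."""
    now = time.time() if now is None else now
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # Names the certificate was issued to: DNS subjectAltName entries,
    # falling back to the subject CN when there are none (assumption).
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    if not any(_matches(n, fqdn) for n in names):
        problems.append("name mismatch: issued to %s" % (names or "nobody"))
    return problems


def _matches(pattern, fqdn):
    pattern, fqdn = pattern.lower().rstrip("."), fqdn.lower().rstrip(".")
    if pattern.startswith("*."):  # wildcard covers exactly one left-most label
        return "." in fqdn and fqdn.split(".", 1)[1] == pattern[2:]
    return pattern == fqdn


def probe(host, port=636, cafile=None):
    """Attempt a verified TLS handshake; return "ok" or OpenSSL's reason."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message


# Constructed sample: short-name CN, expired before the date of this thread.
SAMPLE = {
    "subject": ((("commonName", "dc01"),),),
    "notBefore": "Dec  1 00:00:00 2001 GMT",
    "notAfter": "Dec  1 00:00:00 2002 GMT",
}
```

probe() needs a reachable server and, for a private CA, the CA certificate passed as cafile; cert_problems() runs offline on the constructed SAMPLE.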