
Client Authentication & TLS API



Hi,

I am trying to get client authentication via TLS working.

My code looks like

ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "C:\\ldap\\certs\\certs.p7b");
ldap_initialize(&pLd, "ldaps://myldapserver.com:636");
ldap_set_option( pLd, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
ldap_simple_bind_s(pLd, domain_name, password);


I enabled logging and these are the contents of my log file.

ldap_create
ldap_url_parse_ext(ldaps://myldapserver.com:636)
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP myldapserver.com:636
ldap_new_socket: 996
ldap_prepare_socket: 996
ldap_connect_to_host: Trying 128.61.3.251:636
ldap_connect_timeout: fd: 996 tm: -1 async: 0
ldap_ndelay_on: 996
ldap_ndelay_off: 996
TLS: could not load verify locations (file:`C:\ldap\certs\certs.p7b',dir:`').
ldap_result msgid 56640
ldap_chkResponseList for msgid=56640, all=0
ldap_chkResponseList for msgid=56640, all=0
ldap_int_select
ldap_abandon 56640
ldap_abandon_ext 56640
do_abandon origid 56640, msgid 56640
ldap_msgdelete


If I use the following code instead


ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "C:\\ldap\\certs\\certs.p7b");
pLd = ldap_init( server, 636 );
ldap_set_option( pLd, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
ldap_start_tls_s(pLd, NULL, NULL);
ldap_simple_bind_s(pLd, domain_name, password);


I am still unable to connect to the server. The contents of the log file are

 ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP myldapserver.com:636
ldap_new_socket: 1008
ldap_prepare_socket: 1008
ldap_connect_to_host: Trying 128.61.3.251:636
ldap_connect_timeout: fd: 1008 tm: -1 async: 0
ldap_ndelay_on: 1008
ldap_ndelay_off: 1008
ldap_open_defconn: successful
ldap_send_server_request
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList for msgid=1, all=1
ldap_int_select
read1msg: msgid 1, all 1
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList for msgid=2, all=1
ldap_int_select
read1msg: msgid 2, all 1
ldap_result msgid 53354
ldap_chkResponseList for msgid=53354, all=0
ldap_chkResponseList for msgid=53354, all=0
ldap_int_select
read1msg: msgid 53354, all 0
ldap_abandon 53354
ldap_abandon_ext 53354
do_abandon origid 53354, msgid 53354
ldap_msgdelete
ldap_free_request (origid 2, msgid 2)
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_send_unbind
ldap_free_connection: actually freed

Thanks much in advance.
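
Added example, not part of the original post: a pre-flight check for the file named in the `TLS: could not load verify locations` log line, classifying it before it is passed to `LDAP_OPT_X_TLS_CACERTFILE`. It assumes libldap is built against OpenSSL, which loads verify locations from PEM certificates only; `classify_ca_file` and `usable_as_cacertfile` are hypothetical names.

```c
/* Added example: classify a CA file before handing it to
 * LDAP_OPT_X_TLS_CACERTFILE (assumes an OpenSSL-backed libldap). */
#include <stdio.h>
#include <string.h>

enum ca_format { CA_PEM_CERT, CA_PEM_PKCS7, CA_DER_PKCS7, CA_DER_OTHER, CA_UNKNOWN };

/* Byte-wise search; the buffer may contain NUL bytes (binary DER). */
static int has_bytes(const unsigned char *b, size_t len, const void *pat, size_t n)
{
    size_t i;
    if (n == 0 || len < n) return 0;
    for (i = 0; i + n <= len; i++)
        if (memcmp(b + i, pat, n) == 0) return 1;
    return 0;
}

enum ca_format classify_ca_file(const unsigned char *buf, size_t len)
{
    /* DER encoding of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData) */
    static const unsigned char p7_oid[] =
        { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
    static const char pem_cert[] = "-----BEGIN CERTIFICATE-----";
    static const char pem_p7[]   = "-----BEGIN PKCS7-----";

    if (has_bytes(buf, len, pem_cert, sizeof pem_cert - 1)) return CA_PEM_CERT;
    if (has_bytes(buf, len, pem_p7, sizeof pem_p7 - 1))     return CA_PEM_PKCS7;
    if (len > 0 && buf[0] == 0x30) {        /* ASN.1 SEQUENCE tag: binary DER */
        size_t head = len < 32 ? len : 32;  /* the OID follows the outer header */
        return has_bytes(buf, head, p7_oid, sizeof p7_oid) ? CA_DER_PKCS7 : CA_DER_OTHER;
    }
    return CA_UNKNOWN;
}

/* Only PEM-encoded certificates can be loaded as verify locations. */
int usable_as_cacertfile(enum ca_format f) { return f == CA_PEM_CERT; }

int main(int argc, char **argv)
{
    static unsigned char buf[65536];        /* inspects the first 64 KiB only */
    FILE *fp = argc > 1 ? fopen(argv[1], "rb") : NULL;
    enum ca_format f;
    if (!fp) { fprintf(stderr, "usage: check <ca-file>\n"); return 2; }
    f = classify_ca_file(buf, fread(buf, 1, sizeof buf, fp));
    fclose(fp);
    printf("format=%d usable=%d\n", (int)f, usable_as_cacertfile(f));
    return usable_as_cacertfile(f) ? 0 : 1;
}
```

A PKCS#7 bundle can be converted to PEM certificates with `openssl pkcs7 -print_certs -in certs.p7b -out ca.pem` (add `-inform DER` for a binary file); `ca.pem` is a placeholder output name.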