[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL connection using libLDAP

OpenLDAP's -lldap supports initiating TLS (SSL) using either
the standard "Start TLS" mechanism [RFC2830] or the non-standard
"ldaps:" (Secure LDAP) mechanism.  In the former case, the
program should call ldap_initialize(3) with the appropriate
ldap: URL, set version to 3, and then call ldap_start_tls_s(3).
In the latter case, ldap_initialize(3) is called with the
ldaps: URL.  In both cases, appropriate certificate information
should be provided via ldap.conf(5) facilities or via
ldap_set_option(3)).  See the client/tools for example code.

- Kurt

At 03:56 PM 3/17/2006, Alexander Hartner wrote:
>I am trying to connect to my LDAP directory using libLDAP. With SSL  
>disable the following code works, but since I switched SSL on it breaks.
>        ldap = ldap_init([hostname cString], [port intValue]);
>        ldap_perror(ldap, "LDAP INITIALISED");
>        const int version = 3;
>        int e = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
>        ldap_perror(ldap, "LDAP VERSION 3 SET");
>        e = ldap_simple_bind_s(ldap, [username cString], [password cString]);
>        char * errorMessage = ldap_err2string(e);
>        ldap_perror(ldap, "LDAP BOUND");
>The error reported is :
>LDAP BOUND: Can't contact LDAP server (-1)
>I figure this is a problem with ldap_simpel_bind_s, but i can't find  
>what I need to modify for SSL to work.
>Alexander Hartner
>Does a good farmer neglect a crop he has planted?
>Does a good teacher overlook even the most humble student?
>Does a good father allow a single child to starve?
>Does a good programmer refuse to maintain his code?
>  - The Tao of Programming