
Re: SSL connection using libLDAP



Hi Kurt,

I tried to look for the man pages, but can't find them anywhere. They don't seem to be included on OS X, Gentoo or the website.


I had a look at the examples (clients/tools) and I modified my code. I hope I have the sequence right? I call the following functions as follows:

1.) ldap_init
2.) ldap_set_options (Version 3, ...) I think I need to set the CACERTFILE here. But I don't know what option to set. I am also hoping for an option to accept self-signed certificates without having to specify a CA.
3.) ldap_start_tls_s
4.) ldap_simple_bind_s


It doesn't work yet, because I don't know what options to set. If you have the man pages, could you please email them to me?
Thanks for your help


Alexander Hartner
alex@j2anywhere.com

Does a good farmer neglect a crop he has planted?
Does a good teacher overlook even the most humble student?
Does a good father allow a single child to starve?
Does a good programmer refuse to maintain his code?
  - The Tao of Programming


On 18 Mar 2006, at 04:46, Kurt D. Zeilenga wrote:

OpenLDAP's -lldap supports initiating TLS (SSL) using either
the standard "Start TLS" mechanism [RFC2830] or the non-standard
"ldaps:" (Secure LDAP) mechanism.  In the former case, the
program should call ldap_initialize(3) with the appropriate
ldap: URL, set version to 3, and then call ldap_start_tls_s(3).
In the latter case, ldap_initialize(3) is called with the
ldaps: URL.  In both cases, appropriate certificate information
should be provided via ldap.conf(5) facilities or via
ldap_set_option(3).  See the client/tools for example code.

- Kurt

At 03:56 PM 3/17/2006, Alexander Hartner wrote:
I am trying to connect to my LDAP directory using libLDAP. With SSL
disabled the following code works, but since I switched SSL on it breaks.


ldap = ldap_init([hostname cString], [port intValue]);
ldap_perror(ldap, "LDAP INITIALISED");
const int version = 3;
int e = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
ldap_perror(ldap, "LDAP VERSION 3 SET");


e = ldap_simple_bind_s(ldap, [username cString], [password cString]);
char * errorMessage = ldap_err2string(e);
ldap_perror(ldap, "LDAP BOUND");

The error reported is:

LDAP BOUND: Can't contact LDAP server (-1)

I figure this is a problem with ldap_simple_bind_s, but I can't find
what I need to modify for SSL to work.

Thanks

Alexander Hartner
alex@j2anywhere.com

Does a good farmer neglect a crop he has planted?
Does a good teacher overlook even the most humble student?
Does a good father allow a single child to starve?
Does a good programmer refuse to maintain his code?
 - The Tao of Programming
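
Added example, not part of the original thread: the certificate settings that Kurt's reply says can be supplied through ldap.conf(5), shown with the verification-disabling setting beside a stricter one that still works with a self-signed server certificate. The host name and certificate path are placeholders assumed for illustration.

```conf
# ldap.conf(5) client settings read by libldap (constructed example).
# ldap.example.com and the .pem path below are placeholders, not values
# taken from this thread.

# Weak: turns off server certificate checking. Any certificate is
# accepted, so the encrypted session gives no assurance about which
# server actually answered.
#TLS_REQCERT  never

# Stricter: name the certificate to trust and require it to verify.
# For a self-signed server certificate, TLS_CACERT can point at a PEM
# copy of that certificate itself, so no separate CA has to be set up.
# The host name in the URI must match the name in the certificate.
URI          ldap://ldap.example.com
TLS_CACERT   /etc/openldap/certs/ldap-server.pem
TLS_REQCERT  demand
```

The same two settings are exposed to ldap_set_option(3) as LDAP_OPT_X_TLS_CACERTFILE and LDAP_OPT_X_TLS_REQUIRE_CERT, and they need to be in place before ldap_start_tls_s is called.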