Re: SSL connection using libLDAP
At 12:19 PM 3/18/2006, Alexander Hartner wrote:
>I tried to look for the man pages, but can't find them anywhere.
Some manual pages are missing, especially in older versions
of OpenLDAP Software.
Modern versions of OpenLDAP client tools don't call ldap_init(3).
They call ldap_initialize(3).
>2.)ldap_set_options (Version 3,... ) I think I need to set the
>CACERTFILE here. But I don't know what option to set. I am also
>hoping for an option to accept self signed certificates without
>having to specify a CA.
Only necessary if you don't use the ldap.conf(5) method
of providing TLS configuration.
For StartTLS, yes.
>It doesn't work yet,
Well, does ldapsearch(1) work? If so, then your program should
work too if you properly followed the ldapsearch(1) example. If
not, well, I suggest you get ldapsearch(1) working first.
>because I don't know what options to set.
>If you have the man pages could you please email them to me.
You might look in HEAD for recently written pages.
>Thanks for your help
>Does a good farmer neglect a crop he has planted?
>Does a good teacher overlook even the most humble student?
>Does a good father allow a single child to starve?
>Does a good programmer refuse to maintain his code?
> - The Tao of Programming
>On 18 Mar 2006, at 04:46, Kurt D. Zeilenga wrote:
>>OpenLDAP's -lldap supports initiating TLS (SSL) using either
>>the standard "Start TLS" mechanism [RFC2830] or the non-standard
>>"ldaps:" (Secure LDAP) mechanism. In the former case, the
>>program should call ldap_initialize(3) with the appropriate
>>ldap: URL, set version to 3, and then call ldap_start_tls_s(3).
>>In the latter case, ldap_initialize(3) is called with the
>>ldaps: URL. In both cases, appropriate certificate information
>>should be provided via ldap.conf(5) facilities or via
>>ldap_set_option(3). See the client/tools for example code.
>>At 03:56 PM 3/17/2006, Alexander Hartner wrote:
>>>I am trying to connect to my LDAP directory using libLDAP. With SSL
>>>disabled the following code works, but since I switched SSL on it
>>> ldap = ldap_init([hostname cString], [port intValue]);
>>> ldap_perror(ldap, "LDAP INITIALISED");
>>> const int version = 3;
>>> int e = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
>>> ldap_perror(ldap, "LDAP VERSION 3 SET");
>>> e = ldap_simple_bind_s(ldap, [username cString], [password cString]);
>>> char * errorMessage = ldap_err2string(e);
>>> ldap_perror(ldap, "LDAP BOUND");
>>>The error reported is :
>>>LDAP BOUND: Can't contact LDAP server (-1)
>>>I figure this is a problem with ldap_simple_bind_s, but I can't find
>>>what I need to modify for SSL to work.
>>>Does a good farmer neglect a crop he has planted?
>>>Does a good teacher overlook even the most humble student?
>>>Does a good father allow a single child to starve?
>>>Does a good programmer refuse to maintain his code?
>>> - The Tao of Programming
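
The call sequence described in the quoted 18 Mar reply (ldap_initialize(3), protocol version 3, ldap_start_tls_s(3) for ldap: URLs, certificate information via ldap_set_option(3)), as an added example that is not part of the thread or of OpenLDAP's client tools. It is written in Objective-C to match the question's snippet; the function name OpenSecureLDAP and its parameters are hypothetical, and the bind uses ldap_sasl_bind_s(3) in place of ldap_simple_bind_s. A self-signed server certificate is trusted by passing it as the CA file, with verification left on, so the password is only sent once the server has been authenticated.

```objective-c
#import <Foundation/Foundation.h>
#include <string.h>
#include <ldap.h>

// Hypothetical helper (not from the thread): opens a TLS-protected session
// and performs a simple bind. Returns NULL on any failure.
//   uri    : "ldap://host"  -> StartTLS is issued before the bind
//            "ldaps://host" -> TLS is negotiated at connect time
//   caFile : PEM file with the CA certificate, or the server's own
//            certificate when that certificate is self-signed
static LDAP *OpenSecureLDAP(NSString *uri, NSString *caFile,
                            NSString *bindDN, NSString *password)
{
    LDAP *ld = NULL;
    int version = LDAP_VERSION3;
    int demand = LDAP_OPT_X_TLS_DEMAND;   // fail if the cert does not verify

    // TLS options set on a NULL handle become library-wide defaults; they
    // stand in for the TLS_CACERT / TLS_REQCERT lines of ldap.conf(5).
    if (ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
                        [caFile fileSystemRepresentation]) != LDAP_OPT_SUCCESS ||
        ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
                        &demand) != LDAP_OPT_SUCCESS) {
        NSLog(@"could not set TLS options");
        return NULL;
    }

    int rc = ldap_initialize(&ld, [uri UTF8String]);
    if (rc != LDAP_SUCCESS) {
        NSLog(@"ldap_initialize: %s", ldap_err2string(rc));
        return NULL;
    }
    if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
                        &version) != LDAP_OPT_SUCCESS)
        rc = LDAP_OTHER;                  // StartTLS requires LDAPv3

    // Only ldap: URLs need the Start TLS operation; ldaps: is already TLS.
    if (rc == LDAP_SUCCESS && [uri hasPrefix:@"ldap://"])
        rc = ldap_start_tls_s(ld, NULL, NULL);

    // Bind only after TLS is up, so the password never travels in clear.
    if (rc == LDAP_SUCCESS) {
        struct berval cred;
        cred.bv_val = (char *)[password UTF8String];
        cred.bv_len = strlen(cred.bv_val);
        rc = ldap_sasl_bind_s(ld, [bindDN UTF8String], LDAP_SASL_SIMPLE,
                              &cred, NULL, NULL, NULL);
    }
    if (rc != LDAP_SUCCESS) {
        NSLog(@"LDAP: %s", ldap_err2string(rc));
        ldap_unbind_ext_s(ld, NULL, NULL);
        return NULL;
    }
    return ld;
}
```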