[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP/TLS/389 works, LDAP/SSL/636 does not...

Tim Tassonis wrote:

  ldapuri = ldap_url_desc2str( &url );
  rc = ldap_initialize( &conn, ldapuri );
  if( rc != LDAP_SUCCESS ) {
    conn = NULL;
    /* Output error */
    return 0;
  rc = ldap_simple_bind_s(conn,bind_dn,password);
  if (rc != LDAP_SUCCESS) {
    /* Output error */
    conn = NULL;
    return 0;
  return 1;

As on the command line, you need to go by ldaps://url stuff in order to do SSL. Then, it works without problems.

Correct. If you use ldap_initialize( xx, "ldaps://xxxx" ) then the library will set up SSL for you. You only need to call ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, xx) if you didn't already set that in your .ldaprc or ldap.conf file.

It is possible to cause SSL to be set up using ldap_init, but that API is deprecated so we will not discuss it.

What am I missing?  The ldaps connection does not even seem to connect
at all - there's no traffic visible on a tcpdump whatsoever.

All help much appreciated,



  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/