Re: LDAP/TLS/389 works, LDAP/SSL/636 does not...

[Howard Chu <hyc@symas.com>]

Tim Tassonis wrote:

>   ldapuri = ldap_url_desc2str( &url );
>   rc = ldap_initialize( &conn, ldapuri );
>   if( rc != LDAP_SUCCESS ) {
>     conn = NULL;
>     /* Output error */
>     return 0;
>   }
>   rc = ldap_simple_bind_s(conn,bind_dn,password);
>   if (rc != LDAP_SUCCESS) {
>     /* Output error */
>     conn = NULL;
>     return 0;
>   }
>   return 1;
> }
>
> As on the command line, you need to go by ldaps://url stuff in order to 
> do SSL. Then, it works without problems.

Correct. If you use ldap_initialize( xx, "ldaps://xxxx" ) then the 
library will set up SSL for you. You only need to call 
ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, xx) if you didn't 
already set that in your .ldaprc or ldap.conf file.

It is possible to cause SSL to be set up using ldap_init, but that API 
is deprecated so we will not discuss it.

> > What am I missing?  The ldaps connection does not even seem to connect
> > at all - there's no traffic visible on a tcpdump whatsoever.
> >
> > All help much appreciated,
> >
> > Thanks,
> >
> > Dave.


--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/