
Re: Client App and STARTLS auth

On 06/14/2011 09:40 AM, Massimiliano Pala wrote:
Hello Rich,

responses inline..

On 06/13/2011 10:30 AM, Rich Megginson wrote:
LDAPTLS_REQCERT=never ldapsearch -x -d 1 -ZZ -H ldap://yourhost:yourport -s base -b "" > output.log 2>&1

I executed the command.. and it worked. I attach the output. Any help on
how I can duplicate this behavior in my application?

More specifically. When shall I set the option:

  int opt_val = LDAP_OPT_X_TLS_ALLOW;
  ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt_val);

- At startup with ld == NULL?
- Right after ldap_initialize(&ld, url) - i.e. before ldap_start_tls()?
- Elsewhere?

I don't know. I suggest taking a look at the source code for ldapsearch - since that works, if you can do what it does, you should be good to go:

Last but not least: shall I use ALLOW, TRY, or NEVER as the option for REQUIRE_CERT?