[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP-Client TLS

On 2012.11.16 03.45, Martin.Heinzmann@belden.com wrote:
i am trying to write my own client which connects to an active directory
and searches for an user. So far it works, i call "ldap_initialize", set
version 3, "ldap_simple_bind_s" and then search the directory.
Now i want the connection to be secure by executing a "Simple TLS
handshake". I changed my hostname variable to "ldaps://ip:636" and tried
"ldap_start_tls_s(ld,NULL,NULL)" before the bind but get a "cant contact
ldap server" error. I think my active directory is configured the right
way because with JXplorer it works over ssl and port 636.

Does anyone know which functions i have to call so a successful tls
connection will be set up?

i know very little about libldap and its routines, but i do know that ldaps is not starttls, and starttls is not 636.

man 3 ldap_start_tls_s seems to specifically indicate that routine is strictly for starttls, not ldaps. that would mean that you should be connecting to the regular ldap port [389] - e.g. "ldap://hostname/";, and then using ldap_start_tls_s. that wouldn't work with ldaps/636 [and ldaps is deprecated anyway].