Re: OpenLDAP-Client TLS
On 2012.11.16 03.45, Martin.Heinzmann@belden.com wrote:
I am trying to write my own client which connects to an Active Directory
and searches for a user. So far it works: I call "ldap_initialize", set
version 3, "ldap_simple_bind_s" and then search the directory.
Now I want the connection to be secure by executing a "Simple TLS
handshake". I changed my hostname variable to "ldaps://ip:636" and tried
"ldap_start_tls_s(ld,NULL,NULL)" before the bind but get a "can't contact
LDAP server" error. I think my Active Directory is configured the right
way because with JXplorer it works over SSL and port 636.
Does anyone know which functions I have to call so a successful TLS
connection will be set up?
I know very little about libldap and its routines, but I do know that
ldaps is not STARTTLS, and STARTTLS is not 636.
man 3 ldap_start_tls_s seems to specifically indicate that routine is
strictly for STARTTLS, not ldaps. That would mean that you should be
connecting to the regular LDAP port - e.g. "ldap://hostname/", and
then using ldap_start_tls_s. That wouldn't work with ldaps/636 [and
ldaps is deprecated anyway].