
Re: Unable to bind LDAP server via SSL

On 06/08/13 07:50 +0530, Ashwin Kumar wrote:
Hello all, I have written a sample program to connect to an LDAP server via SSL
running on ports 10389 (ldap) and 10636 (ldaps). But the sample application
fails to set the options for the SSL connection.
I do not want to verify the certificate's correctness at this moment. Can
someone help fix this sample code?

#define LDAP_DEPRECATED 1   /* ldap_bind_s() is only declared with this set */
#include <stdio.h>
#include <ldap.h>

#define BIND_DN "dc=example,dc=com"
#define BIND_PW "secret"

int main(void) {
    LDAP *ld;
    int rc;
    int reqcert = LDAP_OPT_X_TLS_NEVER;   /* disables certificate checking */
    int version = LDAP_VERSION3;

    /* host and port of the URI were not preserved in the post */
    rc = ldap_initialize(&ld, "ldap://");
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rc));
        return 1;
    }

    rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
    if (rc != LDAP_OPT_SUCCESS)
        printf("Setting LDAP_OPT_PROTOCOL_VERSION failed: %s\n", ldap_err2string(rc));

    rc = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
    if (rc != LDAP_OPT_SUCCESS)
        printf("Setting LDAP_OPT_X_TLS_REQUIRE_CERT failed: %s\n", ldap_err2string(rc));

    /* StartTLS extended operation on the plain ldap:// connection */
    rc = ldap_start_tls_s(ld, NULL, NULL);
    if (rc != LDAP_SUCCESS) {
        printf("ldap_start_tls failed: %s\n", ldap_err2string(rc));
        ldap_unbind_ext_s(ld, NULL, NULL);
        return 1;
    }

    rc = ldap_bind_s(ld, BIND_DN, BIND_PW, LDAP_AUTH_SIMPLE);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc));
        ldap_unbind_ext_s(ld, NULL, NULL);
        return 1;
    }

    ldap_unbind_ext_s(ld, NULL, NULL);
    return 0;
}

The program always fails with:
*Setting LDAP_OPT_X_TLS_REQUIRE_CERT failed: Can't contact LDAP server*
*ldap_start_tls failed: Not Supported*

The server does support ldaps and ldap+tls. Can someone please help?

Can you connect to the server using any of the OpenLDAP client utilities
(e.g. ldapwhoami) using -Z? start_tls cannot be executed against an
ldaps:// URI, to my knowledge.

What options are you starting your server with, assuming that it's an
OpenLDAP server?

Dan White
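The check Dan suggests, written out as an added shell helper that is not part of this thread: it picks StartTLS (-Z) only for ldap:// URIs, never for ldaps://, and builds the matching ldapwhoami invocation. Hostnames and the bind DN are constructed sample values; it assumes the OpenLDAP client tools are installed and that LDAPTLS_REQCERT is the environment equivalent of the TLS_REQCERT setting in ldap.conf.

```shell
#!/bin/sh
# Added example, not code from the thread. Decide how to test TLS for an LDAP
# URI with the OpenLDAP client tools: StartTLS (-Z) applies to ldap:// only,
# ldaps:// already negotiates TLS on connect and must not get -Z.

# Print "starttls" for ldap://, "ldaps" for ldaps://, fail on anything else.
tls_mode_for_uri() {
    case "$1" in
        ldap://*)  echo starttls ;;
        ldaps://*) echo ldaps ;;
        *)         echo "unsupported URI scheme: $1" >&2; return 1 ;;
    esac
}

# Build the ldapwhoami command line for a URI and bind DN. -ZZ makes
# ldapwhoami fail unless StartTLS actually succeeds, which is the check the
# poster needs; an ldaps:// URI gets no -Z at all.
whoami_cmd() {
    uri=$1; binddn=$2
    mode=$(tls_mode_for_uri "$uri") || return 1
    if [ "$mode" = starttls ]; then
        printf '%s\n' "ldapwhoami -H $uri -ZZ -x -D \"$binddn\" -W"
    else
        printf '%s\n' "ldapwhoami -H $uri -x -D \"$binddn\" -W"
    fi
}

# Run the probe. Certificate checking stays on by default; pass "nocheck" as
# the third argument to reproduce the poster's LDAP_OPT_X_TLS_NEVER setting
# through LDAPTLS_REQCERT, the environment form of TLS_REQCERT (assumed).
run_probe() {
    cmd=$(whoami_cmd "$1" "$2") || return 1
    if [ "${3:-}" = nocheck ]; then
        LDAPTLS_REQCERT=never sh -c "$cmd"
    else
        sh -c "$cmd"
    fi
}

# Sample use with constructed values, e.g.:
#   ./probe.sh ldap://ldap.example.test:10389 "cn=admin,dc=example,dc=com"
# Only runs when arguments are given, so sourcing the file is side-effect free.
if [ "$#" -ge 2 ]; then
    run_probe "$1" "$2" "${3:-}"
fi
```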