Re: Using TLS connecting to a AD server. openldap2.4.42

To: Michael Ströder <michael@stroeder.com>, openldap-technical@openldap.org, Quanah Gibson-Mount <quanah@symas.com>

Subject: Re: Using TLS connecting to a AD server. openldap2.4.42

From: Don jessup <djessup72@yahoo.com>

Date: Mon, 11 Sep 2017 14:07:01 +0000 (UTC)

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1505139121; bh=bcrQD14/4XgLXog8/5bP5X03q9A4BcDrdaojfDHoQos=; h=Date:From:To:In-Reply-To:References:Subject:From:Subject; b=i+hP9HbljRIvCbuHZj6sSKZ+Bi4glA9uQw8CRaOtrD2ahfJr1B5jH/OC3S0Zrxd7++3ecYeYq+Lf4Sgp89zzEBXTfnYVsvdQZUFyp2zTUts6gCP9zsqEKQ7eplsXteg/X11NgepQwsvUb9cMjaLMrdtKXo3a/k7xYVwcukQl2N6znEjEJpaovxr/Owc4J+uYi5IAxzS3oktudf/c0kzvky2rmCYx2CPeduOi+P1HNalmmTf7fdK7zW6Nlc0MDkAzfD5xADdTB6nzUk3YyrkSxpHpYWdoXnaIITY4+uJyT1hqUFugtePXH0kqXXQ6ASljMw0BPmGlvXsI3xtgaFzjrA==

In-reply-to: <7F77CDA4C81DABFDBAE2E1FE@[192.168.1.30]>

References: <562266727.5579513.1504892914660.ref@mail.yahoo.com> <562266727.5579513.1504892914660@mail.yahoo.com> <WM!397d278a8743224aa5f4a5c0b3fe682259437befb38ee1bb0566ec0c36f8d9cb83b041ec332aa5344ef1102a84e08108!@mailstronghold-1.zmailcloud.com> <044DF1D6600527D8571B6CB5@[192.168.1.30]> <75799906-5ac3-8736-824b-a47ddd34f8d4@stroeder.com> <WM!bfd2106f26c5f24f6faec1f31543c1482995801eabd9fc661b7526787d93fffd2c82117a0b2bd24be6da71a426c171aa!@mailstronghold-2.zmailcloud.com> <7F77CDA4C81DABFDBAE2E1FE@[192.168.1.30]>

Thanks, that helps it's now working.

Don

On Sunday, September 10, 2017, 2:51:15 PM MDT, Quanah Gibson-Mount <quanah@symas.com> wrote:

--On Sunday, September 10, 2017 2:25 PM +0200 Michael Ströder
<michael@stroeder.com> wrote:
> I thought you have to set LDAP_OPT_X_TLS_NEWCTX to 0 *after* setting all
> TLS-related options to let libldap reinitialize the client's SSL context.
> Doesn't that work as expected?

Well, my point was, he's doing:

ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);

when instead you have to do:

ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);

and then set up a new TLS context.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>