
Re: openldap and SSL with AD



In message <1482291.1045161074@[10.10.9.3]>
          Norbert Klasen <norbert+lists.openldap-software@burgundy.dyndns.org> wrote:

> 
> 
> --On Thursday, 13 February 2003 14:49 +0000 Daniel Barron 
> <ldaplist@jadeb.com> wrote:
> 
> > I have set up the win2k AD to work with LDAPS on port 636 and I have
> > tested it to work with a Windows LDAP browser that works over SSL.  So
> > all that bit's done.
> >
> > But I have no idea how to change the code to make it connect using LDAPS.
> >
> > I tried ldapsearch with the -ZZ option and -p 636 but all I got was:
> > ldap_init( 192.168.72.230, 636 )
> > ldap_start_tls: Can't contact LDAP server
> 
> You're mixing START_TLS (which normally uses port 389) and LDAPS. The -ZZ 
> option requires START_TLS which is not supported by AD. Try using
> ldap_initilize("ldaps://192.168.72.230").
> Unless your server certificate contains a subjectAltName extension of 
> type IP address, you'll also need to use the server's FQDN instead of its 
> IP.
> 
> See also http://www.openldap.org/faq/data/cache/185.html

Thank you very much - that's most helpful.  I would like to know more about
ldap_initilize but I can't find a man page for it?  I also tried looking for
ldap_initialize, ldap_initialise, etc.

-- 
Daniel Barron
(Visit http://dansguardian.org/ - True web content filtering for all)
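
Added example, not part of the original messages or of OpenLDAP: a Python sketch of the two points in the quoted reply, namely that an `ldaps://` URI means TLS from the first byte (default port 636) while StartTLS runs over `ldap://` on 389, and that connecting by IP address only passes name checking when the certificate carries a subjectAltName of type IP address. The hostname `dc1.example.test` and both certificates are constructed samples; only subjectAltName entries are checked here (a subject CN fallback is not modelled).

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample certificates, in the dict shape ssl.SSLSocket.getpeercert() returns.
CERT_DNS_ONLY = {"subjectAltName": (("DNS", "dc1.example.test"),)}
CERT_WITH_IP = {"subjectAltName": (("DNS", "dc1.example.test"),
                                   ("IP Address", "192.168.72.230"))}


def _as_ip(host):
    """Return an ipaddress object if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Case-insensitive dNSName match; '*.' covers exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def cert_matches_host(cert, host):
    """IP literals match only 'IP Address' SANs; names match only 'DNS' SANs."""
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(host)
    if ip is not None:
        return any(kind == "IP Address" and _as_ip(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, host) for kind, value in sans)


def check_ldap_uri(uri, cert):
    """Describe how a client would connect to uri and whether cert names it."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("expected ldap://host or ldaps://host")
    tls_on_connect = parts.scheme == "ldaps"      # ldap:// would need StartTLS
    port = parts.port or (636 if tls_on_connect else 389)
    return {"host": parts.hostname, "port": port,
            "tls_on_connect": tls_on_connect,
            "name_ok": cert_matches_host(cert, parts.hostname)}


if __name__ == "__main__":
    for uri in ("ldaps://192.168.72.230", "ldaps://dc1.example.test"):
        print(uri, check_ldap_uri(uri, CERT_DNS_ONLY))
```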