ldap_start_tls_s failing, yet perror is SUCCESS.
To preface the problem, I CAN use ldapsearch to search, with the -ZZ option,
and get valid searches for the same set of parameters as I am using in the
following code. So, server and configuration are all set up right.
Now, the problem is that ldap_start_tls_s(), when called with an initialized
LDAP * and two NULLs, returns (!LDAP_SUCCESS). I then call ldap_perror() on
the LDAP *, and it says SUCCESS. Not much use to figure out why the call
failed. Interestingly enough, I have the same problem in doing
ldap_set_option() on *_TLS_CACERTFILE. The code is small, so it's here. And
since this works in the client/tools/* (ldapsearch), I don't seem to
understand why it doesn't work in my code. OpenLDAP 2.1.22. Is there a
secret call used to actually get useful information?
Also, when I don't have the CACERTFILE set correctly (in ldap.conf,
TLS_CACERT), and run an ldapsearch, it reports intelligent information.
However, all I can get is SUCCESS.
    #include <iostream>
    #include <string>
    #include <ldap.h>
    using namespace std;

    // ... inside a function returning int; server (a std::string) and
    // port (an int) are filled in earlier ...
    LDAP * ld = ldap_init(server.c_str(), port);
    if( ld == NULL ) {
        perror("ldap_init FAILED");
        return -1;
    }
    int protocol = LDAP_VERSION3;
    if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol )
        != LDAP_OPT_SUCCESS )
    {
        cerr << "Could not set LDAP_OPT_PROTOCOL_VERSION" << endl;
        ldap_unbind(ld);
        return -1;
    }
    // ALSO, I have tried setting the CACERTFILE, but either way, it fails
    const char * certfile = "/path/to/cacert";
    if( ldap_set_option( ld, LDAP_OPT_X_TLS_CACERTFILE, certfile )
        != LDAP_OPT_SUCCESS )
    {
        // bail
        cerr << "Could not set LDAP_OPT_X_TLS_CACERTFILE" << endl;
        ldap_unbind(ld);
        return -1;
    }
    if( ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
        ldap_perror(ld, "start_tls() failed");
        ldap_unbind_s(ld);
        return -1;
    }
Any thoughts?