
RE: Using SSL and TLS



Hello Matt,

You can enable the ldap debug mechanism, and then you will get a file with more info on the problem. It is done like this:

#include <stdio.h>
#include <lber.h>
#include <ldap.h>

int    iDebugLevel = 127;   /* bitmask of LDAP_DEBUG_* categories */
FILE   *LdapLogFile;

LdapLogFile = fopen("ldap.log", "a+");   /* check for NULL before use */

/* send liblber/libldap debug output to the file instead of stderr */
ber_set_option(NULL,
               LBER_OPT_LOG_PRINT_FILE,
               LdapLogFile);

/* global option (NULL handle): applies to all handles created afterwards */
ldap_set_option(NULL,
                LDAP_OPT_DEBUG_LEVEL,
                &iDebugLevel);

This might help you. Also, if you want to work with SSL you need a certificate for the ldap server, and you need to set the CA certificate at the client, like this:

/* CACertFileName is a const char * path to the CA that signed the server
 * certificate; set it globally (NULL handle) before ldap_initialize */
ldap_set_option(NULL,
                LDAP_OPT_X_TLS_CACERTFILE,
                CACertFileName);


And after that:

LDAP *pldap = NULL;
int   iVer  = LDAP_VERSION3;

ldap_initialize(&pldap, "ldaps://my.server.com:636");
ldap_set_option(pldap, LDAP_OPT_PROTOCOL_VERSION, &iVer);
ldap_simple_bind_s(pldap, LdapUserName, LdapPassword);
This works for me. 

Hagai. 

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Matt Harp
Sent: Thursday, February 19, 2004 9:25 PM
To: openldap-software@OpenLDAP.org
Subject: Using SSL and TLS


Hey all,

I've read numerous posts on the subject but still can't figure out what's
going on.

Config:
	OpenLDAP 2.1.25
	OpenSSL 0.9.7
	Cyrus-SASL 1.5.28
	Berkeley DB 4.2

I have slapd running with TLS support, listening for SSL connections on port
636 and non-SSL on 389. I can do ldapsearch calls to -H
"ldaps://my.server.com" and it all works great. But, I can't figure out how
to connect using the libldap API calls.

I have code like this...

	LDAP *pldap = NULL;
	ldap_initialize( &pldap, "ldaps://my.server.com:636");

	int iVer = LDAP_VERSION3;
	ldap_set_option( pldap, LDAP_OPT_PROTOCOL_VERSION, &iVer);

	ldap_start_tls_s( pldap, NULL, NULL); // returns code 81, but my server is not down.

	ldap_simple_bind_s( pldap, 0, 0); // also fails, even if I skip the start_tls call.

If I change the ldap_initialize to pass in "ldap://my.server.com:389", then
everything works (I don't call the start_tls of course, but simple_bind
works).

Is this approach correct? I keep reading stuff about SSL and TLS, but can't
seem to completely grasp how they are different.

Why is the start_tls call failing with a client-side error telling me that
my server is down?

Any help would be greatly appreciated.

Thanks,

Matt
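The point both messages circle around is that "ldaps://" and StartTLS are two different ways of getting TLS onto a libldap connection: with "ldaps://" (port 636) the TLS handshake happens as the socket is opened, so ldap_start_tls_s must not be issued on top of it; with "ldap://" (port 389) the connection starts in plaintext and ldap_start_tls_s upgrades it in place. The program below is an added example written for this thread, not code from either message or from the OpenLDAP project. It classifies a URI the way a client should before deciding whether to call ldap_start_tls_s, and, when built with -DUSE_LIBLDAP, opens the handle with the CA file set the way Hagai describes, demands certificate verification, and does a simple bind. The host names, CA path, bind DN and password are placeholders.

```c
/* Added example (not from the thread): choose the right TLS path for libldap.
 * Build the classification part alone with: cc -o ex ex.c
 * Build with the libldap part:       cc -DUSE_LIBLDAP -o ex ex.c -lldap -llber
 * URIs, CA file, bind DN and password below are placeholders. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum { TLS_UNKNOWN = 0, TLS_AT_CONNECT, TLS_STARTTLS } tls_mode_t;

/* Classify an LDAP URI and report the port it implies (0 if unrecognised).
 * Handles "host", "host:port", "[v6addr]:port" and a trailing "/base". */
tls_mode_t tls_mode_for_uri(const char *uri, int *port_out)
{
    const char *rest;
    int port;
    tls_mode_t mode;

    if (strncmp(uri, "ldaps://", 8) == 0) {        /* TLS from the first byte */
        rest = uri + 8; port = 636; mode = TLS_AT_CONNECT;
    } else if (strncmp(uri, "ldap://", 7) == 0) {  /* plaintext until StartTLS */
        rest = uri + 7; port = 389; mode = TLS_STARTTLS;
    } else {
        if (port_out) *port_out = 0;
        return TLS_UNKNOWN;
    }

    const char *p = rest;
    if (*p == '[') {                        /* IPv6 literal: skip to ']' */
        p = strchr(p, ']');
        if (p == NULL) { if (port_out) *port_out = 0; return TLS_UNKNOWN; }
        p++;
    }
    /* an explicit port is ":digits" after the host and before any '/' */
    const char *slash = strchr(p, '/');
    const char *colon = strchr(p, ':');
    if (colon != NULL && (slash == NULL || colon < slash))
        port = atoi(colon + 1);

    if (port_out) *port_out = port;
    return mode;
}

/* Convenience wrapper: just the port implied by the URI. */
int port_for_uri(const char *uri)
{
    int port = 0;
    tls_mode_for_uri(uri, &port);
    return port;
}

#ifdef USE_LIBLDAP
#include <ldap.h>

/* Open a handle, make sure the link is encrypted and the server certificate
 * chains to cacert, then do a simple bind.  Returns NULL on any failure. */
LDAP *secure_bind(const char *uri, const char *cacert,
                  const char *binddn, const char *password)
{
    LDAP *ld = NULL;
    int ver = LDAP_VERSION3;
    int require = LDAP_OPT_X_TLS_DEMAND;   /* refuse unverifiable certificates */
    struct berval cred;
    int rc;

    /* Global TLS options (NULL handle) go before ldap_initialize so the new
     * handle inherits them, as in the reply above. */
    ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, cacert);
    ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &require);

    rc = ldap_initialize(&ld, uri);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rc));
        return NULL;
    }
    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ver);

    switch (tls_mode_for_uri(uri, NULL)) {
    case TLS_AT_CONNECT:
        break;                              /* ldaps://: no StartTLS needed */
    case TLS_STARTTLS:
        rc = ldap_start_tls_s(ld, NULL, NULL);
        if (rc != LDAP_SUCCESS) {
            fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rc));
            ldap_unbind_ext_s(ld, NULL, NULL);
            return NULL;
        }
        break;
    default:
        ldap_unbind_ext_s(ld, NULL, NULL);
        return NULL;
    }

    /* simple bind over the encrypted link (ldap_simple_bind_s is deprecated) */
    cred.bv_val = (char *)password;
    cred.bv_len = strlen(password);
    rc = ldap_sasl_bind_s(ld, binddn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "bind: %s\n", ldap_err2string(rc));
        ldap_unbind_ext_s(ld, NULL, NULL);
        return NULL;
    }
    return ld;
}
#endif

int main(void)
{
    const char *uris[] = { "ldaps://my.server.com:636", "ldap://my.server.com",
                           "ldap://[::1]:3890/dc=example" };
    for (size_t i = 0; i < sizeof uris / sizeof uris[0]; i++) {
        int port;
        tls_mode_t m = tls_mode_for_uri(uris[i], &port);
        printf("%-32s port %d  %s\n", uris[i], port,
               m == TLS_AT_CONNECT ? "TLS on connect, no StartTLS"
               : m == TLS_STARTTLS ? "plaintext, call ldap_start_tls_s" : "unknown");
    }
#ifdef USE_LIBLDAP
    LDAP *ld = secure_bind("ldap://my.server.com", "/etc/ssl/certs/my-ca.pem",
                           "cn=reader,dc=example,dc=com", "placeholder-password");
    if (ld) ldap_unbind_ext_s(ld, NULL, NULL);
#endif
    return 0;
}
```

Two practical notes. ldap_initialize does not open the socket; the connect (and, for "ldaps://", the TLS handshake) happens on the first operation, so a code 81 (LDAP_SERVER_DOWN) from ldap_start_tls_s or the bind on a reachable "ldaps://" server usually means that handshake failed, most often because the client had no CA to verify the server certificate against, which is exactly what LDAP_OPT_X_TLS_CACERTFILE supplies. Setting LDAP_OPT_X_TLS_REQUIRE_CERT to LDAP_OPT_X_TLS_DEMAND, as above, keeps that verification strict instead of silently accepting any certificate; the debug file from Hagai's first snippet is the place to look when the handshake still fails.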