
Re: Problem connecting to LDAP server with TLS when using the LDAP server IP address



Nithya Balachandran wrote:
Hi,

I hope I am posting this to the right group.

I have an application that is using OpenLDAP to communicate with a
Novell eDirectory LDAP server over TLS/SSL (I am not very sure of the
difference). I have got the CA certificate from the server. However I see
a problem when my application tries to connect to the LDAP server using
the IP address of the LDAP server. I get a "Could not find LDAP server"
error. I don't see any problem when I use the DNS name of the LDAP
server.
I am using the following code to initialize the connection:


int SSLmode = LDAP_OPT_X_TLS_HARD;
int rc;

LDAP *ld = ldap_init(host, port);
if(ld == NULL)
    return NULL;

/* require TLS on this handle */
rc = ldap_set_option(ld, LDAP_OPT_X_TLS, &SSLmode);
if(rc != LDAP_SUCCESS)
{
    return NULL;
}
/* CA certificate file used to verify the server; global option, hence the NULL handle */
rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, cert);
if(rc != LDAP_SUCCESS)
    return NULL;


Does anyone know why this is happening? Is there any way to get around
it?

Thanks,
Nithya

You should read the OpenLDAP FAQ on using TLS/SSL (http://www.openldap.org/faq/data/cache/185.html) in which it states


"Remember that the Common Name for this cert should be the fully qualified domain name of the server"

You should use openssl s_client to find out the certificate CN of your eDirectory server and use that CN rather than the IP# in your application.

Dave
--
Dave Lewney
Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956
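Dave's check, worked through as an added example that is not part of the original thread: a POSIX shell script that saves the certificate an LDAP server presents (via openssl s_client), lists its subject CN and any subjectAltName entries, and reports whether the name the application would pass to ldap_init(), a DNS name or an IP address, appears in the certificate. The script's matching rule is the usual one: a DNS name matches the CN or a DNS SAN entry (including a single-label wildcard), while an IP address matches only an "IP Address" SAN entry, so a certificate whose only name is a CN can never satisfy a connection made by IP. The host name ldap.example.com, the address 192.0.2.10 and the make_sample_cert helper are constructed so the script can be exercised offline; it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: inspect an LDAP server certificate and check whether the name
# used to connect (DNS name or IP) is one the certificate actually carries.

# fetch_cert HOST PORT FILE: save the server's leaf certificate as PEM.
# Talks ldaps (TLS from the first byte). For a server that expects StartTLS
# on 389 instead, add "-starttls ldap" (OpenSSL 1.1.1 or later).
fetch_cert() {
    host=$1; port=${2:-636}; out=$3
    openssl s_client -connect "$host:$port" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$out"
}

# cert_names FILE: print the subject CN and every DNS / IP subjectAltName
# entry, one per line, as CN:name, DNS:name or IP:address.
# (Names containing spaces are not expected here.)
cert_names() {
    pem=$1
    openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 \
        | sed -n 's/^subject=.*CN=\([^,]*\).*/CN:\1/p'
    openssl x509 -in "$pem" -noout -text \
        | awk '/Subject Alternative Name/ { getline; print }' \
        | tr ',' '\n' \
        | sed -n 's/^ *DNS:\(.*\)$/DNS:\1/p; s/^ *IP Address:\(.*\)$/IP:\1/p'
}

# check_host NAME FILE: exit 0 if NAME is covered by the certificate, 1 if not.
check_host() {
    want=$1; pem=$2
    case "$want" in
        *:*)        is_ip=1 ;;   # IPv6 literal
        *[!0-9.]*)  is_ip=0 ;;   # anything with other characters is a DNS name
        *)          is_ip=1 ;;   # dotted-quad IPv4
    esac
    for entry in $(cert_names "$pem"); do
        kind=${entry%%:*}; name=${entry#*:}
        if [ "$is_ip" = 1 ]; then
            # an IP address is matched only against IP Address SAN entries
            [ "$kind" = IP ] && [ "$name" = "$want" ] && return 0
        else
            [ "$kind" = IP ] && continue
            case "$name" in
                "$want") return 0 ;;
                # *.example.com covers host.example.com but not example.com
                \*.*) [ "${want%%.*}" != "$want" ] && \
                      [ "${want#*.}" = "${name#\*.}" ] && return 0 ;;
            esac
        fi
    done
    return 1
}

# make_sample_cert FILE: constructed self-signed certificate for an offline
# run; its CN and SAN values are examples, not the poster's eDirectory server.
make_sample_cert() {
    out=$1; dir=$(dirname "$out")
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = ldap.example.com
[v3]
subjectAltName = DNS:ldap.example.com,IP:192.0.2.10
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$out" >/dev/null 2>&1
}

# Usage: sh ldap_cert_check.sh HOST_OR_IP [PORT]   (fetches from a live server)
if [ $# -ge 1 ]; then
    tmp=$(mktemp -d)
    fetch_cert "$1" "${2:-636}" "$tmp/server.pem"
    cert_names "$tmp/server.pem"
    if check_host "$1" "$tmp/server.pem"; then
        echo "OK: '$1' is covered by the certificate"
    else
        echo "MISMATCH: '$1' is not in the certificate; connect by a listed name"
    fi
fi
```

Run against the real server as `sh ldap_cert_check.sh ldap.example.com 636` and compare the printed names with whatever your application passes as host. A MISMATCH on the IP together with an OK on the DNS name is exactly the situation in the question: the certificate names the server by its FQDN only, so the client must connect by that name (or the server certificate must be reissued with the IP as a SAN entry).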