
Re: SSL connection using libLDAP



At 12:19 PM 3/18/2006, Alexander Hartner wrote:
>I tried to look for the man pages, but can't find them anywhere.

Some manual pages are missing, especially in older versions
of OpenLDAP Software.

>1.)ldap_init

Modern versions of OpenLDAP client tools don't call ldap_init(3).
They call ldap_initialize(3).

>2.)ldap_set_options (Version 3,... ) I think I need to set the  
>CACERTFILE here. But I don't know what option to set. I am also  
>hoping for an option to accept self signed certificates without  
>having to specify a CA.

Only necessary if you don't use the ldap.conf(5) method
of providing TLS configuration.

>3.)ldap_start_tls_s
>4.)ldap_simple_bind_s

For StartTLS, yes.

>It doesn't work yet,

Well, does ldapsearch(1) work?  If so, then your program should
work too if you properly followed the ldapsearch(1) example.  If
not, well, I suggest you get ldapsearch(1) working first.

>because I don't know what options to set.

>If you have the man pages could you please email them to me.

You might look in HEAD for recently written pages.

>Thanks for your help
>
>Alexander Hartner
>alex@j2anywhere.com
>
>Does a good farmer neglect a crop he has planted?
>Does a good teacher overlook even the most humble student?
>Does a good father allow a single child to starve?
>Does a good programmer refuse to maintain his code?
>  - The Tao of Programming
>
>
>On 18 Mar 2006, at 04:46, Kurt D. Zeilenga wrote:
>
>>OpenLDAP's -lldap supports initiating TLS (SSL) using either
>>the standard "Start TLS" mechanism [RFC2830] or the non-standard
>>"ldaps:" (Secure LDAP) mechanism.  In the former case, the
>>program should call ldap_initialize(3) with the appropriate
>>ldap: URL, set version to 3, and then call ldap_start_tls_s(3).
>>In the latter case, ldap_initialize(3) is called with the
>>ldaps: URL.  In both cases, appropriate certificate information
>>should be provided via ldap.conf(5) facilities or via
>>ldap_set_option(3)).  See the client/tools for example code.
>>
>>- Kurt
>>
>>At 03:56 PM 3/17/2006, Alexander Hartner wrote:
>>>I am trying to connect to my LDAP directory using libLDAP. With SSL
>>>disabled the following code works, but since I switched SSL on it
>>>breaks.
>>>
>>>       ldap = ldap_init([hostname cString], [port intValue]);
>>>       ldap_perror(ldap, "LDAP INITIALISED");
>>>       const int version = 3;
>>>       int e = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
>>>       ldap_perror(ldap, "LDAP VERSION 3 SET");
>>>
>>>       e = ldap_simple_bind_s(ldap, [username cString], [password cString]);
>>>
>>>       char * errorMessage = ldap_err2string(e);
>>>       ldap_perror(ldap, "LDAP BOUND");
>>>
>>>The error reported is :
>>>
>>>LDAP BOUND: Can't contact LDAP server (-1)
>>>
>>>I figure this is a problem with ldap_simple_bind_s, but I can't find
>>>what I need to modify for SSL to work.
>>>
>>>Thanks
>>>
>>>Alexander Hartner
>>>alex@j2anywhere.com
>>>
>>>Does a good farmer neglect a crop he has planted?
>>>Does a good teacher overlook even the most humble student?
>>>Does a good father allow a single child to starve?
>>>Does a good programmer refuse to maintain his code?
>>> - The Tao of Programming
>>>
>
>
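The reply above points at the ldap.conf(5) method of supplying TLS settings and at getting ldapsearch(1) working before debugging the program. The script below is an added example, not code from this thread or from the OpenLDAP project: it constructs three small ldap.conf-style files inline, reports the certificate-verification posture each one gives the client library, and prints the ldapsearch(1) StartTLS invocation to try against each. The hostnames, file paths and base DN in the sample files are made up. The keywords TLS_CACERT, TLS_CACERTDIR and TLS_REQCERT (default demand) and the LDAPCONF environment variable are the ones documented in ldap.conf(5); their ldap_set_option(3) counterparts are LDAP_OPT_X_TLS_CACERTFILE and LDAP_OPT_X_TLS_REQUIRE_CERT. The security point it illustrates is the one behind the "accept self-signed certificates without specifying a CA" wish: TLS_REQCERT never gets the connection up but removes server authentication entirely, whereas pointing TLS_CACERT at the server's own self-signed certificate keeps verification on without needing a separate CA.

```shell
#!/bin/sh
# Added example (not from the thread): inspect the TLS verification posture of
# an ldap.conf(5)-style client configuration. All sample files are constructed.

# check_tls_posture FILE -> prints one word:
#   unverified  TLS_REQCERT never/allow: the server certificate is not checked
#   no-anchor   verification is demanded but no TLS_CACERT/TLS_CACERTDIR is set,
#               so every handshake will fail ("Can't contact LDAP server")
#   verified    a trust anchor is configured and verification is in effect
check_tls_posture() {
    conf="$1"
    # Last TLS_REQCERT wins; absent means the documented default, "demand".
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{v=$2}
                   END{print (v==""?"demand":tolower(v))}' "$conf")
    anchors=$(awk 'toupper($1)=="TLS_CACERT"||toupper($1)=="TLS_CACERTDIR"{n++}
                   END{print n+0}' "$conf")
    case "$reqcert" in
        never|allow) echo unverified ;;
        *) if [ "$anchors" -gt 0 ]; then echo verified; else echo no-anchor; fi ;;
    esac
}

# starttls_probe FILE -> prints the ldapsearch(1) command that exercises StartTLS
# with this configuration. -ZZ makes ldapsearch fail unless StartTLS succeeds,
# so a working run here means the library-level program should work too.
starttls_probe() {
    uri=$(awk 'toupper($1)=="URI"{print $2}' "$1")
    base=$(awk 'toupper($1)=="BASE"{print $2}' "$1")
    printf 'LDAPCONF=%s ldapsearch -ZZ -x -H %s -b %s -s base "(objectClass=*)" dn\n' \
        "$1" "$uri" "$base"
}

SAMPLE_DIR=$(mktemp -d)

# Weak: turns off verification to make a self-signed server certificate "work".
WEAK_CONF="$SAMPLE_DIR/weak.conf"
cat >"$WEAK_CONF" <<'EOF'
URI ldap://ldap.example.test
BASE dc=example,dc=test
TLS_REQCERT never
EOF

# Broken: verification is on (the default) but no trust anchor is configured.
NOANCHOR_CONF="$SAMPLE_DIR/noanchor.conf"
cat >"$NOANCHOR_CONF" <<'EOF'
URI ldap://ldap.example.test
BASE dc=example,dc=test
EOF

# Corrected: the server's own self-signed certificate is the trust anchor, so
# no separate CA is needed and the server is still authenticated.
GOOD_CONF="$SAMPLE_DIR/good.conf"
cat >"$GOOD_CONF" <<'EOF'
URI ldap://ldap.example.test
BASE dc=example,dc=test
TLS_CACERT /etc/ldap/ldap-server-selfsigned.pem
TLS_REQCERT demand
EOF

for f in "$WEAK_CONF" "$NOANCHOR_CONF" "$GOOD_CONF"; do
    printf '%s: %s\n' "$f" "$(check_tls_posture "$f")"
    printf '  try: %s\n' "$(starttls_probe "$f")"
done
```

Run it as `sh ldap_tls_check.sh`; each sample file is reported as unverified, no-anchor or verified, followed by the ldapsearch(1) line to try with it. The same three states map onto the program in the thread: with the library reading a file in the no-anchor state, ldap_start_tls_s(3) fails the handshake and the subsequent bind reports "Can't contact LDAP server", which is why the reply suggests proving the configuration with ldapsearch(1) first.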