[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP issues when connecting over SSL



Hi,
  I am trying to do authentication with openldap using TLS. The flowing program works fine if the ldap_port is 389. But if i mention 636 it gives me the error can't contact the ldap server.
I use slapd 2.3.19 and SLES. Does the openldap by default listen on 636? or do i need to pass the certificate must. (If in that case can you please point out some link).
What i am missing here. Anybody please help me on this.

thanks for your all help.


#include<ldap.h>
#include<stdio.h>

int main() {
  static LDAP * ld = NULL;
  static char ldap_server[30] = "My.Ip.Add.ress", 
    ldap_username[30] = "cn=admin,o=domain", 
    ldap_password[30] = "pwd",
    ldap_base_dn[30] = "o=domain";
  static int ldap_port = 636;
  int version,ret;

  LDAPMessage * ldres, * hostres, * ent, * hostent;
  char hfilter[100] = "(&(objectClass=User)(cn=kalyan))";
  char * hostdn;

  
  if ((ld = ldap_init (ldap_server, ldap_port)) == NULL)
    {
      fprintf (stderr,"Error:Cannot init ldap session to %s\n", ldap_server);
      return -1;
    }
  version = LDAP_VERSION3;
  if ((ret = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS)
    {
      fprintf(stderr,"Cannot set LDAP version to %d: %s", version,
                 ldap_err2string (ret));
    }

  if((ret == ldap_start_tls_s(ld,NULL,NULL)) != LDAP_SUCCESS) {
    fprintf(stderr, "Cannot not start TLS, err value is %s\n",ldap_err2string(ret));
    return 1;
  }

  if(( ret = ldap_simple_bind_s(ld, ldap_username, ldap_password)) != LDAP_SUCCESS){
    fprintf(stderr,"ERROR cant login to ldap server %s",ldap_err2string(ret));
    return -1;
  }
    
  if((ret = ldap_search_s(ld, ldap_base_dn, LDAP_SCOPE_SUBTREE,hfilter,NULL,0,&hostres)) != LDAP_SUCCESS)
    {
      fprintf(stderr,"Cannot find entry");
      return -1;
    }

  if((hostent = ldap_first_entry(ld, hostres))== NULL) {
    fprintf(stderr, "No matchinh entry found");
    return -1;
  }
  
  hostdn = ldap_get_dn(ld,hostent);
  printf("\n Result is out succssfully:%s\n",hostdn);
  return 1;
}


-Kalyan