[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: reg ldap over ssl

To: prasanth allada <prasanth.allada@gmail.com>
Subject: Re: reg ldap over ssl
From: Philip Guenther <guenther+ldapsoft@sendmail.com>
Date: Wed, 2 Jul 2008 00:38:13 -0600
Cc: openldap-software@openldap.org
In-reply-to: <a07dd2c70807012303k5a4dd4fcq4ec85a3949db2405@mail.gmail.com>
References: <a07dd2c70807010542k6dbdaef7nb7d3f7461cb328e1@mail.gmail.com> <a07dd2c70807010716v688793aao1873925aca2af793@mail.gmail.com> <alpine.BSO.1.10.0807011302210.4906@vanye.mho.net> <a07dd2c70807012303k5a4dd4fcq4ec85a3949db2405@mail.gmail.com>
User-agent: Alpine 1.10 (BSO 962 2008-03-14)

On Wed, 2 Jul 2008, prasanth allada wrote:

i used ldap_initialize and tried initializing the connection using the CA certificate. i still am getting the same error.

Uh huh. I wrote:

Right, because ldap_start_tls_s() performs the LDAP start TLS operation,
but for ldaps the client is supposed to simply negotiate TLS/SSL upon
connection, without sending an LDAP operation first.

I.e., don't use ldap_start_tls_s() with an "ldaps" URI! Simply remove that call from your code. SSL will automatically be negotiated when the connection is actually opened.


Philip Guenther

References:
- reg ldap over ssl
  - From: "prasanth allada" <prasanth.allada@gmail.com>
- Re: reg ldap over ssl
  - From: Philip Guenther <guenther+ldapsoft@sendmail.com>
- Re: reg ldap over ssl
  - From: "prasanth allada" <prasanth.allada@gmail.com>

Prev by Date: Re: ppolicy/value #0 not allowed
Next by Date: Re: ACL Help Please
Index(es):
- Chronological
- Thread