Hello Rich, responses inline..

On 06/13/2011 10:30 AM, Rich Megginson wrote:
[...]
> LDAPTLS_REQCERT=never ldapsearch -x -d 1 -ZZ -H ldap://yourhost:yourport -s base -b "" > output.log 2>&1

I executed the command.. and it worked. I attach the output.

Any help on how I can duplicate this behavior in my application? More specifically, when shall I set the option:

    int opt_val = LDAP_OPT_X_TLS_ALLOW;
    ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt_val);

Possibilities:
- At startup with ld == NULL?
- Right after ldap_initialize(&ld, url), i.e. before ldap_start_tls()?
- Elsewhere?

Last but not least: shall I use ALLOW, TRY, or NEVER as the option for REQUIRE_CERT?

Cheers,
Max

-- 
http://member.acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly
ldap_url_parse_ext(ldap://ldap.xxxxxxxxxxx:389)
ldap_create
ldap_url_parse_ext(ldap://ldap.xxxxxxxxxxx:389/??base)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.xxxxxxxxxx:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 2001:4830:1600:2f4::2 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 24.0.161.170:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 3
ldap_result ld 0x19ab320 msgid 1
wait4msg ld 0x19ab320 msgid 1 (infinite timeout)
wait4msg continue ld 0x19ab320 msgid 1 all 1
** ld 0x19ab320 Connections:
* host: ldap.xxxxxxxxxx port: 389 (default)
 refcnt: 2 status: Connected
 last used: Mon Jun 13 10:43:00 2011

** ld 0x19ab320 Outstanding Requests:
 * msgid 1, origid 1, status InProgress
 outstanding referrals 0, parent count 0
 ld 0x19ab320 request count 1 (abandoned 0)
** ld 0x19ab320 Response Queue:
 Empty
 ld 0x19ab320 response count 0
ldap_chkResponseList ld 0x19ab320 msgid 1 all 1
ldap_chkResponseList returns ld 0x19ab320 NULL
ldap_int_select
read1msg: ld 0x19ab320 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x19ab320 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x19ab320 0 new referrals
read1msg: mark request completed, ld 0x19ab320 msgid 1
request done: ld 0x19ab320 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
TLS certificate verification: Error, -8172: Unknown code ___f 20
TLS certificate verification: subject: E=dnsrecords@xxxxxxxxxx,CN=ldap.xxxxxxxxxx,OU=StartSSL Web-of-Trust Community Validated,O=xxxxxxxxxxxx,L=xxxxxxxxx,C=US,OID.2.5.4.13=345282-g7tntpk45jT3a1Kc, issuer: CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL, cipher: RC4, security level: high, secret key bits: 128, total key bits: 128, cache hits: 0, cache misses: 0, cache not reusable: 0
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 14 bytes to sd 3
ldap_result ld 0x19ab320 msgid 2
wait4msg ld 0x19ab320 msgid 2 (infinite timeout)
wait4msg continue ld 0x19ab320 msgid 2 all 1
** ld 0x19ab320 Connections:
* host: ldap.xxxxxxxxxx port: 389 (default)
 refcnt: 2 status: Connected
 last used: Mon Jun 13 10:43:00 2011

** ld 0x19ab320 Outstanding Requests:
 * msgid 2, origid 2, status InProgress
 outstanding referrals 0, parent count 0
 ld 0x19ab320 request count 1 (abandoned 0)
** ld 0x19ab320 Response Queue:
 Empty
 ld 0x19ab320 response count 0
ldap_chkResponseList ld 0x19ab320 msgid 2 all 1
ldap_chkResponseList returns ld 0x19ab320 NULL
ldap_int_select
read1msg: ld 0x19ab320 msgid 2 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x19ab320 msgid 2 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x19ab320 0 new referrals
read1msg: mark request completed, ld 0x19ab320 msgid 2
request done: ld 0x19ab320 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search_ext
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 39 bytes to sd 3
ldap_result ld 0x19ab320 msgid -1
wait4msg ld 0x19ab320 msgid -1 (infinite timeout)
wait4msg continue ld 0x19ab320 msgid -1 all 0
** ld 0x19ab320 Connections:
* host: ldap.xxxxxxxxxx port: 389 (default)
 refcnt: 2 status: Connected
 last used: Mon Jun 13 10:43:00 2011

** ld 0x19ab320 Outstanding Requests:
 * msgid 3, origid 3, status InProgress
 outstanding referrals 0, parent count 0
 ld 0x19ab320 request count 1 (abandoned 0)
** ld 0x19ab320 Response Queue:
 Empty
 ld 0x19ab320 response count 0
ldap_chkResponseList ld 0x19ab320 msgid -1 all 0
ldap_chkResponseList returns ld 0x19ab320 NULL
ldap_int_select
read1msg: ld 0x19ab320 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 48 contents:
read1msg: ld 0x19ab320 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
ldap_dn2ufn
ldap_dn_normalize
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ber_scanf fmt ({mM}) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x19ab320 msgid -1
wait4msg ld 0x19ab320 msgid -1 (infinite timeout)
wait4msg continue ld 0x19ab320 msgid -1 all 0
** ld 0x19ab320 Connections:
* host: ldap.xxxxxxxxxx port: 389 (default)
 refcnt: 2 status: Connected
 last used: Mon Jun 13 10:43:00 2011

** ld 0x19ab320 Outstanding Requests:
 * msgid 3, origid 3, status InProgress
 outstanding referrals 0, parent count 0
 ld 0x19ab320 request count 1 (abandoned 0)
** ld 0x19ab320 Response Queue:
 Empty
 ld 0x19ab320 response count 0
ldap_chkResponseList ld 0x19ab320 msgid -1 all 0
ldap_chkResponseList returns ld 0x19ab320 NULL
ldap_int_select
read1msg: ld 0x19ab320 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x19ab320 msgid 3 message type search-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x19ab320 0 new referrals
read1msg: mark request completed, ld 0x19ab320 msgid 3
request done: ld 0x19ab320 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_err2string
ldap_msgfree
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
ldap_free_connection: actually freed
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

#
dn:
objectClass: top
objectClass: OpenLDAProotDSE

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
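An added diagnostic, not part of this thread and not OpenLDAP code: the attached log shows the check that LDAPTLS_REQCERT=never masks. The client still records "TLS certificate verification: Error, -8172"; -8172 is SEC_ERROR_BASE (-8192) + 20, NSS's SEC_ERROR_UNTRUSTED_ISSUER, which is exactly the offset the "Unknown code ___f 20" fragment encodes. Per ldap.conf(5), only the REQUIRE_CERT values never and allow let a session continue past a failed verification (try still aborts on a bad certificate), so whichever value gets the application "working" is also the one that switches issuer checking off. The script below parses those two TLS lines out of -d 1 output (the sample is constructed from the attachment, redactions kept), decodes the NSS code against a small table of codes taken from secerr.h and sslerr.h, and reports what a demand setting would have enforced. The function and constant names are my own.

```python
"""Decode the TLS lines from an OpenLDAP `ldapsearch -d 1` debug log.

Added example, not from the mailing-list post or from OpenLDAP. With
REQUIRE_CERT relaxed to never/allow the client still logs the verification
failure it ignores; this pulls that failure out and names it so the trust
problem can be fixed rather than masked.
"""
import re

# NSS error bases (secerr.h / sslerr.h). The log's "Unknown code ___f 20"
# is NSPR's fallback rendering: "___f" encodes the SEC_ERROR table,
# 20 is the offset into it.
SEC_ERROR_BASE = -0x2000   # -8192
SSL_ERROR_BASE = -0x3000   # -12288

# Subset of NSS error names; only codes listed here are decoded by name.
NSS_ERROR_NAMES = {
    SEC_ERROR_BASE + 11: "SEC_ERROR_EXPIRED_CERTIFICATE",
    SEC_ERROR_BASE + 12: "SEC_ERROR_REVOKED_CERTIFICATE",
    SEC_ERROR_BASE + 13: "SEC_ERROR_UNKNOWN_ISSUER",
    SEC_ERROR_BASE + 20: "SEC_ERROR_UNTRUSTED_ISSUER",
    SEC_ERROR_BASE + 21: "SEC_ERROR_UNTRUSTED_CERT",
    SSL_ERROR_BASE + 12: "SSL_ERROR_BAD_CERT_DOMAIN",
}

# Ciphers a client should not accept (RC4 is prohibited by RFC 7465).
WEAK_CIPHERS = {"RC4", "DES", "3DES", "NULL"}

VERIFY_ERROR_RE = re.compile(r"TLS certificate verification: Error, (-?\d+):")
# DN components are comma-separated without spaces; the field separators
# (", issuer: ", ", cipher: ") carry a space, so non-greedy matching works.
PEER_RE = re.compile(
    r"TLS certificate verification: subject: (?P<subject>.+?), "
    r"issuer: (?P<issuer>.+?), cipher: (?P<cipher>[^,]+), "
    r"security level: (?P<level>[^,]+), secret key bits: (?P<bits>\d+)"
)

# Constructed sample: the two TLS lines from the attached output.log.
SAMPLE_LOG = """\
ldap_msgfree
TLS certificate verification: Error, -8172: Unknown code ___f 20
TLS certificate verification: subject: E=dnsrecords@xxxxxxxxxx,CN=ldap.xxxxxxxxxx,OU=StartSSL Web-of-Trust Community Validated,O=xxxxxxxxxxxx,L=xxxxxxxxx,C=US,OID.2.5.4.13=345282-g7tntpk45jT3a1Kc, issuer: CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL, cipher: RC4, security level: high, secret key bits: 128, total key bits: 128, cache hits: 0, cache misses: 0, cache not reusable: 0
ldap_sasl_bind
"""


def decode_nss_error(code: int) -> str:
    """Return the NSS symbolic name for a numeric error, or a labelled offset."""
    name = NSS_ERROR_NAMES.get(code)
    if name:
        return name
    if SEC_ERROR_BASE <= code < SEC_ERROR_BASE + 0x1000:
        return f"SEC_ERROR offset {code - SEC_ERROR_BASE} (not in table)"
    if SSL_ERROR_BASE <= code < SSL_ERROR_BASE + 0x1000:
        return f"SSL_ERROR offset {code - SSL_ERROR_BASE} (not in table)"
    return f"unknown NSS error {code}"


def parse_tls_debug(log: str) -> dict:
    """Extract the verification outcome and peer details from -d 1 output."""
    info = {"verify_error": None, "verify_error_name": None, "subject": None,
            "issuer": None, "cipher": None, "key_bits": None}
    m = VERIFY_ERROR_RE.search(log)
    if m:
        code = int(m.group(1))
        info["verify_error"] = code
        info["verify_error_name"] = decode_nss_error(code)
    m = PEER_RE.search(log)
    if m:
        info["subject"] = m.group("subject")
        info["issuer"] = m.group("issuer")
        info["cipher"] = m.group("cipher").strip()
        info["key_bits"] = int(m.group("bits"))
    return info


def assess(info: dict) -> list:
    """Turn the parsed fields into findings a defender would act on."""
    findings = []
    if info["verify_error"] is not None:
        findings.append(
            f"certificate verification failed with {info['verify_error']} "
            f"({info['verify_error_name']}); the session continued only because "
            f"REQUIRE_CERT was relaxed. Trust the issuer CA via TLS_CACERT / "
            f"LDAP_OPT_X_TLS_CACERTFILE instead of keeping never/allow.")
    if info["cipher"] and info["cipher"].upper() in WEAK_CIPHERS:
        findings.append(f"negotiated cipher {info['cipher']} is considered weak")
    if info["key_bits"] is not None and info["key_bits"] < 128:
        findings.append(f"secret key is only {info['key_bits']} bits")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_tls_debug(SAMPLE_LOG)):
        print("finding:", finding)
```

Feed it any `ldapsearch -d 1` capture (or your own application's output with LDAP_OPT_DEBUG_LEVEL set to 1) and it will surface the check that a relaxed REQUIRE_CERT silently waves through; on the attached log it reports the untrusted StartCom issuer and the RC4 cipher.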