LDAP authentication was working fine when I had a single CA certificate on my client machine. I was using
ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_cacert_file)
to set the path of the CA certificate. Now there are multiple CA certificates in my certificate hosting path. I tried reading all the files and then assigning the first one using the set option above; if it fails, I perform ldap_unbind and then create a fresh
request and set all the options before calling "ldap_start_tls_s". So the steps are:
1. ld = ldap_init()
2. ldap_set_option for a number of options, including LDAP_OPT_X_TLS_CACERTFILE, which points to the first file in the directory containing multiple CA certificates
3. ldap_start_tls_s(ld, NULL, NULL)
4. If step 3 is successful continue with normal operation
5. If step 3 fails, ldap_unbind(ld) and start from step 1 again, except that LDAP_OPT_X_TLS_CACERTFILE will now have the next entry in the directory as input.
Is there anything wrong with this? Is there a better approach?
Thanks,
Sachin
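A way to avoid the retry loop entirely is to hand libldap every CA at once: LDAP_OPT_X_TLS_CACERTFILE (TLS_CACERT in ldap.conf) accepts a PEM file holding several CA certificates, and LDAP_OPT_X_TLS_CACERTDIR (TLS_CACERTDIR) accepts a directory of certificates named by subject hash, the layout c_rehash or "openssl rehash" produces. The script below is an added example, not part of the original post or of OpenLDAP. It uses the openssl CLI to create a constructed test PKI (two throwaway root CAs and a leaf issued by the second one), builds both kinds of trust store from the CA directory, and checks with openssl verify that the leaf is rejected with a single CA file but accepted with the bundle and with the hashed directory. The directory layout, the CN values and the host ldap.example.test are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): build a multi-CA trust store
# for libldap instead of trying one CA file after another.
# Requires the openssl CLI.

# Constructed sample PKI: two self-signed roots and a leaf issued by CA 2.
# Keys live outside the CA directory so the *.pem glob only sees certificates.
# "req -x509" marks the roots CA:TRUE via openssl's default v3_ca extensions.
make_test_pki() {
  w=$1
  mkdir -p "$w/cas" "$w/private"
  for i in 1 2; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Constructed Test Root CA $i" \
      -keyout "$w/private/ca$i.key" -out "$w/cas/ca$i.pem" >/dev/null 2>&1
  done
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
    -keyout "$w/private/leaf.key" -out "$w/leaf.csr" >/dev/null 2>&1
  openssl x509 -req -in "$w/leaf.csr" -days 1 \
    -CA "$w/cas/ca2.pem" -CAkey "$w/private/ca2.key" -CAcreateserial \
    -out "$w/leaf.pem" >/dev/null 2>&1
}

# Concatenate every CA into one PEM bundle, the form LDAP_OPT_X_TLS_CACERTFILE
# / TLS_CACERT takes. Only CERTIFICATE blocks are copied, so a stray key or
# comment in the source directory never ends up in the trust store.
# Prints the number of certificates written.
build_ca_bundle() {
  src=$1; out=$2
  : > "$out"
  for pem in "$src"/*.pem; do
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$pem" >> "$out"
  done
  grep -c -- '-----BEGIN CERTIFICATE-----' "$out"
}

# Lay the same CAs out as <subject-hash>.<n>, the layout OpenSSL's CApath
# lookup (and so LDAP_OPT_X_TLS_CACERTDIR / TLS_CACERTDIR) expects; this is
# what c_rehash or "openssl rehash" does, written out by hand.
build_ca_hashdir() {
  src=$1; dst=$2
  mkdir -p "$dst"
  for pem in "$src"/*.pem; do
    h=$(openssl x509 -noout -subject_hash -in "$pem")
    n=0
    while [ -e "$dst/$h.$n" ]; do n=$((n + 1)); done   # hash collisions become .1, .2, ...
    cp "$pem" "$dst/$h.$n"
  done
}

# verify_leaf LEAF [openssl verify options]: exit 0 if LEAF chains to a
# trusted CA in the given store. (The system default store is consulted
# too, but the constructed CAs are not in it.)
verify_leaf() {
  leaf=$1; shift
  openssl verify "$@" "$leaf" >/dev/null 2>&1
}

# Stand-alone demo: once the whole CA set is in one bundle or one hashed
# directory, a single ldap_start_tls_s attempt is enough.
ldap_ca_demo() {
  w=$(mktemp -d)
  make_test_pki "$w"
  echo "bundle holds $(build_ca_bundle "$w/cas" "$w/bundle.pem") CA certificates"
  build_ca_hashdir "$w/cas" "$w/hashed"
  for store in "-CAfile $w/cas/ca1.pem" "-CAfile $w/bundle.pem" "-CApath $w/hashed"; do
    # $store is deliberately unquoted: it is an option plus its argument
    if verify_leaf "$w/leaf.pem" $store; then
      echo "$store: leaf trusted"
    else
      echo "$store: leaf NOT trusted"
    fi
  done
  echo "libldap: LDAP_OPT_X_TLS_CACERTFILE=$w/bundle.pem  or  LDAP_OPT_X_TLS_CACERTDIR=$w/hashed"
  echo "CLI check against a real server: LDAPTLS_CACERT=$w/bundle.pem ldapsearch -ZZ -H ldap://ldap.example.test -x -s base -b ''"
  rm -rf "$w"
}

ldap_ca_demo
```

In the client code this becomes a single ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "bundle.pem") or ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, "hashed"); libldap passes the path to the TLS library, which loads every certificate in the file or directory, so the unbind-and-retry loop is no longer needed. If the TLS options are set on a specific handle (ld instead of NULL) with OpenLDAP 2.4 or later, also set LDAP_OPT_X_TLS_NEWCTX afterwards so a TLS context is built from the new values before ldap_start_tls_s. Leaving LDAP_OPT_X_TLS_REQUIRE_CERT at its default of demand means a server whose chain is not in the bundle is still rejected rather than silently accepted.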