To avoid certificate checks can you try

ldapssl_advclientauth_init( ssl_certdbpath, NULL, 0, NULL, NULL, 0, NULL, 0);

instead of ldapssl_init. ldapssl_init is AFAIK the same as

ldapssl_advclientauth_init( ssl_certdbpath, NULL, 0, NULL, NULL, 0, NULL, 2);

If that works we can look at the content of your cert8.db file.

Markus

"Kashif Ali Siddiqui" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Hi,
>
> I am facing a very serious problem. I am currently unable to get a
> successful LDAP bind over SSL. The LDAP server is a Windows AD server with
> SSL enabled on default 636 port. The libraries I use are
>
> * Mozilla c-sdk 6.0.3
> * NSPR 4.6.4
> * NSS 3.11.4
>
> Here is the sequence of calls I made ...
>
> 1. ldap_set_option ( NULL, LDAP_OPT_SSL, LDAP_OPT_ON )
> 2. ldapssl_client_init ( <path to directory that holds cert8.db>, NULL)
> 3. ld = ldapssl_init( <server ip address>, <server port>, 1 )
> 4. ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, (void*)&version)
> 5. ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timeout )
> 6. ldap_set_option(ld, LDAP_OPT_SIZELIMIT, (void *)&maxEntitiesLimit )
> 7. ldap_set_option(ld, LDAP_OPT_RECONNECT, LDAP_OPT_ON )
> 8. ldap_simple_bind_s(ld, <user dn>, <user passwd>)
>
> The return values from calls 1 to 7 are all LDAP_SUCCESS, whereas the
> return value of call#8 returns LDAP_SERVER_DOWN. Although the server is up
> and running with SSL enabled, and why the error is returning. I have also
> checked the settings (server-ip, port, user-dn, user-passwd) using a
> third-party ldap tool, Softerra LDAP Administrator, and it works fine,
> confirming that there is some issue either in Mozilla LDAP libraries or in
> my code.
>
> Please help me resolve this issue.
>
> Kashif Ali Siddiqui
>
> _______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
