Hi,
  I have a very basic doubt.
  I am trying to make a client program which should work for both OpenLDAP
and eDirectory. I am going to use OpenLDAP APIs only. My
situation is that the server can be configured either to "use TLS for simple
bind with password" or not to use it. So the client user knows what the
server has (TLS or not). Based on that he will mention the options
through the command line (port number 389 or 636) and a boolean for whether to
use SSL or not.

What is the difference between TLS and SSL? I am so confused after googling so
much. Are both variants of the same protocol? Somebody says TLS is on top of
SSL: it tries for an SSL connection and if it is not able to create a secured
channel it goes for a non-secured channel. Is it that way?

Is it possible to create a TLS connection on both port 389 and 636? 389 is
the clear text port; how does TLS work here?
Does TLS work on 636?

I tried the following program,

#define LDAP_DEPRECATED 1   /* ldap_init()/ldap_simple_bind_s() are only declared with this on newer OpenLDAP */
#include <ldap.h>
#include <stdio.h>

int main() {
  static LDAP * ld = NULL;
  static char ldap_server[30] = "My.Ip.Add.ress",
    ldap_username[30] = "cn=admin,o=domain",
    ldap_password[30] = "pwd",
    ldap_base_dn[30] = "o=domain";
  static int ldap_port = 636;
  int version, ret;

  LDAPMessage * hostres, * hostent;
  char hfilter[100] = "(&(objectClass=User)(cn=kalyan))";
  char * hostdn;

  /* ldap_init() only prepares the handle; the TCP connection is opened on the first operation. */
  if ((ld = ldap_init (ldap_server, ldap_port)) == NULL)
    {
      fprintf (stderr, "Error: Cannot init ldap session to %s\n", ldap_server);
      return -1;
    }
  version = LDAP_VERSION3;
  if ((ret = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS)
    {
      fprintf (stderr, "Cannot set LDAP version to %d: %s\n", version,
               ldap_err2string (ret));
    }

  /* StartTLS upgrades a plain LDAP session to TLS. The original line used
     "==" instead of "=", so ret was compared rather than assigned. */
  if ((ret = ldap_start_tls_s (ld, NULL, NULL)) != LDAP_SUCCESS) {
    fprintf (stderr, "Cannot start TLS, err value is %s\n", ldap_err2string (ret));
    return 1;
  }

  /* Simple bind: the password is only protected if the StartTLS above succeeded. */
  if ((ret = ldap_simple_bind_s (ld, ldap_username, ldap_password)) != LDAP_SUCCESS) {
    fprintf (stderr, "ERROR can't login to ldap server: %s\n", ldap_err2string (ret));
    return -1;
  }

  if ((ret = ldap_search_s (ld, ldap_base_dn, LDAP_SCOPE_SUBTREE, hfilter,
                            NULL, 0, &hostres)) != LDAP_SUCCESS)
    {
      fprintf (stderr, "Cannot find entry: %s\n", ldap_err2string (ret));
      return -1;
    }

  if ((hostent = ldap_first_entry (ld, hostres)) == NULL) {
    fprintf (stderr, "No matching entry found\n");
    return -1;
  }

  hostdn = ldap_get_dn (ld, hostent);
  printf ("\n Result is out successfully: %s\n", hostdn);

  /* Release library-allocated memory and close the session. */
  ldap_memfree (hostdn);
  ldap_msgfree (hostres);
  ldap_unbind_ext_s (ld, NULL, NULL);
  return 0;
}



In this situation my server is configured to use TLS for simple bind with
password. In the client-side program I have given port 636 and use
TLS; it actually fails saying "Can't contact LDAP server". If I use port
389 and use TLS it works fine. Is this the expected output?

Finally, where do I use the certificate? I am confused after searching a lot.

If you can clarify my doubts that would be a great help for me.

Thanks a lot for helping me,
  -"kalyan"
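As an added example (not part of kalyan's post or of OpenLDAP itself), the following C code shows how the two modes the post asks about map onto the OpenLDAP API: ldaps:// on 636 is TLS from the first byte, ldap:// on 389 followed by ldap_start_tls_s() is StartTLS, and the CA certificate is given to the client through LDAP_OPT_X_TLS_CACERTFILE with LDAP_OPT_X_TLS_REQUIRE_CERT set to demand so the server certificate is actually verified. The host name, CA file path and credentials are placeholders chosen here, and the connecting function is compiled only where ldap.h is available.

```c
#include <stdio.h>
#include <string.h>

/* LDAPS (ldaps://, port 636 by convention) runs the TLS handshake before
 * any LDAP message; StartTLS (ldap://, port 389) opens a plain LDAP session
 * and upgrades it with the StartTLS extended operation. Sending StartTLS to
 * an ldaps port fails: the server expects a TLS ClientHello, not an LDAP PDU. */
enum tls_mode { TLS_NONE, TLS_LDAPS, TLS_STARTTLS };

/* Map the two command-line inputs (port, use_ssl) to a URI and a mode. */
enum tls_mode choose_mode(const char *host, int port, int use_ssl,
                          char *uri, size_t urilen)
{
    if (!use_ssl) {
        snprintf(uri, urilen, "ldap://%s:%d", host, port);
        return TLS_NONE;
    }
    if (port == 636) {
        snprintf(uri, urilen, "ldaps://%s:%d", host, port);
        return TLS_LDAPS;
    }
    snprintf(uri, urilen, "ldap://%s:%d", host, port);
    return TLS_STARTTLS;
}

#if __has_include(<ldap.h>)   /* this part needs the OpenLDAP headers */
#include <ldap.h>
/* Connect in the chosen mode, verify the server certificate against the
 * CA file (cacert, a placeholder path), then simple-bind only once the channel is protected. */
int secure_bind(const char *uri, enum tls_mode mode, const char *cacert,
                const char *dn, const char *pw)
{
    LDAP *ld = NULL;
    int rc, ver = LDAP_VERSION3, req = LDAP_OPT_X_TLS_DEMAND;
    struct berval cred = { strlen(pw), (char *)pw };
    if (mode != TLS_NONE) {   /* global TLS settings: set before connecting */
        ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, cacert);
        ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &req); /* verify */
    }
    if ((rc = ldap_initialize(&ld, uri)) != LDAP_SUCCESS)
        return rc;
    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ver);
    if (mode == TLS_STARTTLS)   /* upgrade the plain session first */
        rc = ldap_start_tls_s(ld, NULL, NULL);
    if (rc == LDAP_SUCCESS)
        rc = ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
    ldap_unbind_ext_s(ld, NULL, NULL);
    return rc;
}
#endif
```

With a TLS_NONE mode the simple bind sends the password in clear text, which is why the mode decision belongs before the bind, not after it.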
