On Monday 22 January 2007 15:45, skalyanasundaram wrote:
> Hi,
> I have a very basic doubt.
> I am trying to make a client program which should work for both OpenLDAP
> as well as eDirectory. I am going to use OpenLDAP APIs only. My
> situation is that the server can be configured either to "use TLS for simple
> bind with password" or not. So the client user knows what the
> server has (TLS or not). Based on that he will pass the options
> on the command line (port number 389 or 636) and a boolean for whether to use SSL
> or not.
>
> What is the difference between TLS/SSL?

There is no real difference. In general they are different names for the same thing.
Probably you confused the terms StartTLS and ldaps? http://www.openldap.org/faq/data/cache/185.html gives a brief overview of the differences and commonalities they have.

> I am so confused after googling so
> much. Are both variants of the same protocol? Somebody says TLS is on top of
> SSL: it tries for an SSL connection and if it is not able to create a secured
> channel it goes for a non-secured channel. Is it that way?
>
> Is it possible to create a TLS connection on both port 389 and 636? 389 is
> the clear text port. How does TLS work here?
> TLS works on 636?
>
> I tried the following program,
>
> #include <ldap.h>
> #include <stdio.h>
>
> int main() {
>     static LDAP * ld = NULL;
>     static char ldap_server[30] = "My.Ip.Add.ress",
>                 ldap_username[30] = "cn=admin,o=domain",
>                 ldap_password[30] = "pwd",
>                 ldap_base_dn[30] = "o=domain";
>     static int ldap_port = 636;
>     int version, ret;
>
>     LDAPMessage * hostres, * hostent;
>     char hfilter[100] = "(&(objectClass=User)(cn=kalyan))";
>     char * hostdn;
>
>     /* plain (non-TLS) session handle to host:port */
>     if ((ld = ldap_init (ldap_server, ldap_port)) == NULL)
>     {
>         fprintf (stderr, "Error: Cannot init ldap session to %s\n",
>                  ldap_server);
>         return -1;
>     }
>     version = LDAP_VERSION3;
>     if ((ret = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) !=
>         LDAP_OPT_SUCCESS)
>     {
>         fprintf(stderr, "Cannot set LDAP version to %d: %s", version,
>                 ldap_err2string (ret));
>     }
>
>     /* StartTLS extended operation on the already open connection */
>     if ((ret = ldap_start_tls_s(ld, NULL, NULL)) != LDAP_SUCCESS) {
>         fprintf(stderr, "Cannot start TLS, err value is %s\n",
>                 ldap_err2string(ret));
>         return 1;
>     }
>
>     if ((ret = ldap_simple_bind_s(ld, ldap_username, ldap_password)) !=
>         LDAP_SUCCESS) {
>         fprintf(stderr, "ERROR: can't login to ldap server: %s",
>                 ldap_err2string(ret));
>         return -1;
>     }
>
>     if ((ret = ldap_search_s(ld, ldap_base_dn,
>                              LDAP_SCOPE_SUBTREE, hfilter, NULL, 0, &hostres)) != LDAP_SUCCESS)
>     {
>         fprintf(stderr, "Cannot find entry");
>         return -1;
>     }
>
>     if ((hostent = ldap_first_entry(ld, hostres)) == NULL) {
>         fprintf(stderr, "No matching entry found");
>         ldap_msgfree(hostres);
>         return -1;
>     }
>
>     hostdn = ldap_get_dn(ld, hostent);
>     printf("\n Result is out successfully: %s\n", hostdn);
>
>     /* release the DN string, the result chain and the connection */
>     ldap_memfree(hostdn);
>     ldap_msgfree(hostres);
>     ldap_unbind_s(ld);
>     return 0;
> }
>
>
>
> In this situation my server is configured to use TLS for simple bind with
> password. In the client side program I have given port 636 and use
> TLS; it actually fails saying that it Can't contact LDAP server. If I use port
> 389 and use TLS it works fine. Is that the expected output?
>
> Finally, where to use the certificate? I am confused after searching a lot.
>
> If you can clarify my doubts that would be a great help for me.
>
> Thanks a lot for helping me,
> -"kalyan"
>
> ---
> You are currently subscribed to [email protected] as: [EMAIL PROTECTED]
> To unsubscribe send email to [EMAIL PROTECTED] with the word
> UNSUBSCRIBE as the SUBJECT of the message.

-- 
Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0 F: +49-911-74053575 - [EMAIL PROTECTED]
