OpenLDAP's -lldap supports initiating TLS (SSL) using either the standard "Start TLS" mechanism [RFC2830] or the non-standard "ldaps:" (Secure LDAP) mechanism. In the former case, the program should call ldap_initialize(3) with the appropriate ldap: URL, set version to 3, and then call ldap_start_tls_s(3). In the latter case, ldap_initialize(3) is called with the ldaps: URL. In both cases, appropriate certificate information should be provided via ldap.conf(5) facilities or via ldap_set_option(3). See the client/tools for example code.
- Kurt

At 03:56 PM 3/17/2006, Alexander Hartner wrote:
>I am trying to connect to my LDAP directory using libLDAP. With SSL
>disabled the following code works, but since I switched SSL on it breaks.
>
> ldap = ldap_init([hostname cString], [port intValue]);
> ldap_perror(ldap, "LDAP INITIALISED");
> const int version = 3;
> int e = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
> ldap_perror(ldap, "LDAP VERSION 3 SET");
>
> e = ldap_simple_bind_s(ldap, [username cString], [password cString]);
>
> char * errorMessage = ldap_err2string(e);
> ldap_perror(ldap, "LDAP BOUND");
>
>The error reported is :
>
>LDAP BOUND: Can't contact LDAP server (-1)
>
>I figure this is a problem with ldap_simple_bind_s, but I can't find
>what I need to modify for SSL to work.
>
>Thanks
>
>Alexander Hartner
>[EMAIL PROTECTED]
>
>Does a good farmer neglect a crop he has planted?
>Does a good teacher overlook even the most humble student?
>Does a good father allow a single child to starve?
>Does a good programmer refuse to maintain his code?
> - The Tao of Programming
