On 06/14/2011 09:40 AM, Massimiliano Pala wrote:
Hello Rich,
Responses inline.
On 06/13/2011 10:30 AM, Rich Megginson wrote:
[...]
LDAPTLS_REQCERT=never ldapsearch -x -d 1 -ZZ -H ldap://yourhost:yourport -s base -b "" > output.log 2>&1
I executed the command... and it worked. I attach the output. Any help on
how I can duplicate this behavior in my application?
More specifically, when shall I set the option:
int opt_val = LDAP_OPT_X_TLS_ALLOW;
ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt_val);
Possibilities:
- At startup with ld == NULL?
- Right after ldap_initialize(&ld, url) - i.e. before ldap_start_tls()?
- Elsewhere?
I don't know. I suggest taking a look at the source code for ldapsearch
- since that works, if you can do what it does, you should be good to go:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=clients/tools/ldapsearch.c;h=494898a762f35f7eb5fe97f2768d25c6579090dd;hb=HEAD
and
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=clients/tools/common.c;h=262631e4cad1ca904c684786ff9fc4d33cdadbe9;hb=HEAD
Last but not least: shall I use ALLOW, TRY, or NEVER as the option for
REQUIRE_CERT?
Cheers,
Max