On Fri, Nov 16, 2012 at 09:45:10AM +0100, [email protected] wrote:
>
>
> Hi,
> I am trying to write my own client which connects to an Active Directory
> and searches for a user. So far it works: I call "ldap_initialize", set
> version 3, "ldap_simple_bind_s" and then search the directory.
> Now I want the connection to be secure by executing a "Simple TLS
> handshake". I changed my hostname variable to "ldaps://ip:636" and tried
> "ldap_start_tls_s(ld,NULL,NULL)" before the bind but get a "can't contact
> LDAP server" error.

When using ldaps:// libldap will perform the TLS handshake automatically
before sending the first LDAP request to the server. So calling
ldap_start_tls_s() on an ldaps:// connection is wrong and results in the
above error.

ldap_start_tls_s is for initiating the TLS handshake on a "normal" ldap://
connection. See http://www.openldap.org/faq/data/cache/605.html for details.

> I think my Active Directory is configured the right way
> because with JXplorer it works over SSL and port 636.
>
> Does anyone know which functions I have to call so a successful TLS
> connection will be set up?

If you really want to use ldaps:// then specifying the ldaps:// URI in
ldap_initialize should be enough. Otherwise use an "ldap://" URI +
ldap_start_tls_s.

Ralf
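The two connection paths Ralf describes, as an added example in C against the libldap API (this is not code from the original question or from Ralf's reply). It applies the rule from the thread: an ldaps:// URI gets no ldap_start_tls_s() call because libldap completes the handshake on its own, while an ldap:// URI is upgraded with ldap_start_tls_s() before the bind. It also demands server-certificate verification, which the thread does not mention but which is what makes the TLS session authenticate the directory server rather than merely encrypt the traffic. The host, bind DN, password and CA path are constructed placeholders; the `needs_start_tls` helper and the `HAVE_LDAP_H` guard are this example's own, not part of libldap:

```c
/*
 * Added example (not from the original thread): a minimal libldap client
 * that picks the TLS path from the URI scheme.
 *   ldaps://  libldap performs the handshake itself; do NOT call
 *             ldap_start_tls_s().
 *   ldap://   call ldap_start_tls_s() before binding.
 * Host, bind DN, password and CA path below are constructed placeholders.
 */
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* The URI logic compiles everywhere; the libldap calls compile only where
 * <ldap.h> is present (GCC/Clang __has_include). HAVE_LDAP_H is this
 * example's own macro. */
#if defined(__has_include)
#  if __has_include(<ldap.h>)
#    define HAVE_LDAP_H 1
#  endif
#endif
#ifdef HAVE_LDAP_H
#  include <ldap.h>
#endif

/* 1: ldap:// (explicit StartTLS needed), 0: ldaps:// (TLS is implicit),
 * -1: not an LDAP URI this client handles. Scheme match is case-insensitive. */
int needs_start_tls(const char *uri)
{
    if (uri == NULL) return -1;
    if (strncasecmp(uri, "ldaps://", 8) == 0) return 0;
    if (strncasecmp(uri, "ldap://", 7) == 0) return 1;
    return -1;
}

/* Connects, secures the session according to the URI scheme, and performs a
 * simple bind. Returns an LDAP result code, or -1 when the URI is unusable or
 * libldap was not available at build time. */
int connect_and_bind(const char *uri, const char *bind_dn,
                     const char *password, const char *ca_file)
{
    int tls_mode = needs_start_tls(uri);
    if (tls_mode < 0) {
        fprintf(stderr, "unsupported URI: %s\n", uri ? uri : "(null)");
        return -1;
    }
#ifndef HAVE_LDAP_H
    (void)bind_dn; (void)password; (void)ca_file;
    fprintf(stderr, "built without <ldap.h>; cannot connect\n");
    return -1;
#else
    LDAP *ld = NULL;
    int version = LDAP_VERSION3;
    int require_cert = LDAP_OPT_X_TLS_DEMAND;
    int newctx = 0;
    struct berval cred;
    int rc;

    rc = ldap_initialize(&ld, uri);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rc));
        return rc;
    }
    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);

    /* Verify the server certificate against a trusted CA. Encryption alone
     * does not tell you which server answered. */
    ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, ca_file);
    ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &require_cert);
    ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &newctx); /* apply per-handle TLS settings */

    if (tls_mode == 1) {
        /* Plain ldap://: upgrade the connection with StartTLS first. */
        rc = ldap_start_tls_s(ld, NULL, NULL);
        if (rc != LDAP_SUCCESS) {
            fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rc));
            ldap_unbind_ext_s(ld, NULL, NULL);
            return rc;
        }
    }
    /* ldaps://: nothing to do here; libldap shakes hands on the first request. */

    cred.bv_val = (char *)password;
    cred.bv_len = strlen(password);
    rc = ldap_sasl_bind_s(ld, bind_dn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
    if (rc != LDAP_SUCCESS)
        fprintf(stderr, "bind: %s\n", ldap_err2string(rc));
    else
        printf("bound to %s (%s)\n", uri, tls_mode ? "StartTLS" : "implicit TLS");

    ldap_unbind_ext_s(ld, NULL, NULL);
    return rc;
#endif
}

int main(int argc, char **argv)
{
    /* Constructed placeholders; pass a real URI as argv[1] to try it. */
    const char *uri = argc > 1 ? argv[1] : "ldaps://dc.example.test:636";
    int rc = connect_and_bind(uri, "CN=svc-ldap,OU=Service,DC=example,DC=test",
                              "replace-me", "/etc/ssl/certs/ca-certificates.crt");
    return rc == 0 ? 0 : 1;
}
```

Build with `cc client.c -lldap -llber`. Note that LDAP_OPT_X_TLS_NEWCTX has to be set after the other per-handle TLS options, otherwise the CA file and certificate requirement set on the handle are not applied to the connection.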
