Thanks for the reply. I am using OpenLDAP 2.4.35.

--
Ashwin kumar (http://ashwinkumar.me)

On Mon, Jun 10, 2013 at 9:42 PM, Philip Guenther <[email protected]> wrote:

> On Mon, 10 Jun 2013, Dan White wrote:
> > On 06/08/13 07:50 +0530, Ashwin Kumar wrote:
> ...
> > > rc = ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
> > > if(rc != LDAP_OPT_SUCCESS){
> > > printf("Setting LDAP_OPT_X_TLS_REQUIRE_CERT failed: %s\n",ldap_err2string(rc));
>
> If ldap_set_option() returns LDAP_OPT_ERROR then you shouldn't call
> ldap_err2string(): the latter can't give a correct error string for that
> case because (currently) LDAP_OPT_ERROR == LDAP_SERVER_DOWN. Indeed, as
> you saw:
>
> > > The program always fails with:
> > > *Setting LDAP_OPT_X_TLS_REQUIRE_CERT failed: Can't contact LDAP server*
>
> That means ldap_set_option() is returning LDAP_OPT_ERROR.
>
> My *guess* is that you're using libldap from an old version of OpenLDAP,
> like 2.3.x, as those versions only supported LDAP_OPT_X_TLS_REQUIRE_CERT
> as a global option and not as a per-handle option.
>
> If that's the case, you should obviously upgrade. If you can't upgrade
> Right Now, then put it on your roadmap for Real Soon Dang It and try
> changing this:
>     rc = ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
> to this:
>     rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
>
>
> And note, this is *exactly* why you should always say what version you're
> using!
>
>
> Philip Guenther
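
The following is an added example, not code from anyone in this thread or from the OpenLDAP project. It sketches the handling discussed above: compare the `ldap_set_option()` result only against `LDAP_OPT_SUCCESS`, never feed it to `ldap_err2string()`, fall back to the global (`NULL`) form, and refuse to continue if certificate checking cannot be enabled. Assumptions: `require_server_cert`, `demo_handle`, the `sim_*` variables and the `USE_LIBLDAP` switch are hypothetical names; without `-DUSE_LIBLDAP` a constructed stand-in for libldap simulates the "per-handle option unsupported" behaviour guessed at in the reply.

```c
/* Added example. Build against real libldap: cc -DUSE_LIBLDAP reqcert.c -lldap */
#include <stdio.h>
#ifdef USE_LIBLDAP
#include <ldap.h>
static LDAP *demo_handle(void) {
    LDAP *ld = NULL;
    ldap_initialize(&ld, "ldap://localhost");   /* placeholder URI, no connect yet */
    return ld;
}
#else
/* Constructed stand-in for libldap so the example runs offline.
 * Constant values mirror OpenLDAP's ldap.h. */
typedef struct ldap LDAP;
#define LDAP_OPT_SUCCESS            0
#define LDAP_OPT_ERROR              (-1)
#define LDAP_OPT_X_TLS_REQUIRE_CERT 0x6006
#define LDAP_OPT_X_TLS_DEMAND       2
static int sim_old_libldap = 1;    /* 1: per-handle option unsupported */
static int sim_global_reqcert = -1;
static int ldap_set_option(LDAP *ld, int opt, const void *val) {
    if (opt != LDAP_OPT_X_TLS_REQUIRE_CERT || (ld && sim_old_libldap))
        return LDAP_OPT_ERROR;
    if (!ld) sim_global_reqcert = *(const int *)val;
    return LDAP_OPT_SUCCESS;
}
static LDAP *demo_handle(void) { static int fake; return (LDAP *)&fake; }
#endif

enum reqcert_scope { REQCERT_FAILED, REQCERT_PER_HANDLE, REQCERT_GLOBAL };

/* Demand a valid server certificate. Try the handle first, then the global
 * (NULL) form suggested in the reply. The return of ldap_set_option() is only
 * compared with LDAP_OPT_SUCCESS: LDAP_OPT_ERROR is not an LDAP result code,
 * so it is never passed to ldap_err2string(). */
static enum reqcert_scope require_server_cert(LDAP *ld) {
    int reqcert = LDAP_OPT_X_TLS_DEMAND;
    if (ld && ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert) == LDAP_OPT_SUCCESS)
        return REQCERT_PER_HANDLE;
    if (ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert) == LDAP_OPT_SUCCESS)
        return REQCERT_GLOBAL;
    return REQCERT_FAILED;
}

int main(void) {
    static const char *names[] = { "failed", "per-handle", "global" };
    enum reqcert_scope s = require_server_cert(demo_handle());
    printf("LDAP_OPT_X_TLS_REQUIRE_CERT: %s\n", names[s]);
    return s == REQCERT_FAILED;   /* fail closed: do not bind without verification */
}
```

The `NULL` form changes the process-wide default, so it applies to handles created afterwards rather than to one connection only.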
