Divyanshi Chauhan <[email protected]>
1:33 PM (3 hours ago)
to openldap-technical-owner, openldap-devel-owner, openldap-bugs-owner

Hello,

I have ldaps client code which connects to the ldap server securely and does 
authentication.

I have set the global option for ca cert directory.
        int res = ldap_set_option(0, LDAP_OPT_X_TLS_CACERTFILE,
                                  const_cast<char*>("path"));
Correct certificate is present in the path and hence connection to the ldap 
server and authentication is successful in first attempt.

Now, as per one of the requirements, the certificate is removed from the above 
client directory and authentication is attempted; we want it to fail, as the 
certificate is deleted from the directory. But the bind to the ldap server 
and authentication are still happening successfully. It should ideally fail as 
per my understanding.

I did try removing the certificate from memory using the following option:
        char * crt;
        ldap_get_option(0, LDAP_OPT_X_TLS_CACERTFILE, (void*)&crt);
        ldap_memfree(crt);
I am not sure if the above way is correct or not, please advise.

I also did try forcing it to look for the ca certificate using the following option:
        int reqcert = LDAP_OPT_X_TLS_HARD;
        ldap_set_option(0, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
But this also did not help.

Please suggest how a certificate, once loaded, can be deleted from the 
openldap cache. Also please advise if I am doing something wrong in the above 
approach.
