Hi, I am trying to do authentication with OpenLDAP using TLS. The following program works fine if ldap_port is 389, but if I specify 636 it fails with the error "can't contact the LDAP server". I use slapd 2.3.19 on SLES. Does OpenLDAP listen on 636 by default, or must I supply a certificate? (If so, can you please point me to a link?) What am I missing here? Can anybody please help me with this?
Thanks for all your help.
#include<ldap.h> #include<stdio.h>
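/*
 * Minimal OpenLDAP client: open a session, upgrade it with StartTLS, bind
 * with a DN and password, search for one entry and print its DN.
 *
 * Returns 0 on success and a non-zero status on any failure.
 *
 * Port note: ldap_start_tls_s() upgrades an already-open plain LDAP
 * connection, which is normally the one on port 389. Port 636 is the
 * conventional ldaps:// port, where TLS begins at connect time; slapd only
 * listens there when it is started with an ldaps:// URL in its -h list, and
 * a client reaches it with ldap_initialize() and an "ldaps://host" URI, not
 * with ldap_init() followed by StartTLS.
 *
 * Certificate note: in both modes the client library validates the server
 * certificate unless verification has been relaxed, so the issuing CA must
 * be known to the client (TLS_CACERT in ldap.conf, or
 * LDAP_OPT_X_TLS_CACERTFILE set through ldap_set_option()).
 */
int main()
{
    static LDAP *ld = NULL;
    /*
     * Sample values only. A bind DN and password compiled into the binary
     * can be read by anyone who has the file; real code should take them
     * from a protected configuration source.
     */
    static char ldap_server[30] = "My.Ip.Add.ress",
                ldap_username[30] = "cn=admin,o=domain",
                ldap_password[30] = "pwd",
                ldap_base_dn[30] = "o=domain";
    static int ldap_port = 636;
    int version, ret;
    int rc = -1;
    LDAPMessage *hostres = NULL, *hostent;
    char hfilter[100] = "(&(objectClass=User)(cn=kalyan))";
    char *hostdn = NULL;

    if ((ld = ldap_init(ldap_server, ldap_port)) == NULL) {
        fprintf(stderr, "Error:Cannot init ldap session to %s\n", ldap_server);
        return -1;
    }

    /* StartTLS is an LDAPv3 extended operation, so v3 is a hard requirement. */
    version = LDAP_VERSION3;
    if ((ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS) {
        fprintf(stderr, "Cannot set LDAP version to %d: %s", version, ldap_err2string(ret));
        goto cleanup;
    }

    /*
     * The result must be assigned to ret. The original compared with `==`,
     * which reported an error when StartTLS succeeded and, worse, fell
     * through to the bind when it failed, sending the password unencrypted.
     */
    if ((ret = ldap_start_tls_s(ld, NULL, NULL)) != LDAP_SUCCESS) {
        fprintf(stderr, "Cannot not start TLS, err value is %s\n", ldap_err2string(ret));
        rc = 1;
        goto cleanup;
    }

    /* Only reached once the connection is protected by TLS. */
    if ((ret = ldap_simple_bind_s(ld, ldap_username, ldap_password)) != LDAP_SUCCESS) {
        fprintf(stderr, "ERROR cant login to ldap server %s", ldap_err2string(ret));
        goto cleanup;
    }

    if ((ret = ldap_search_s(ld, ldap_base_dn, LDAP_SCOPE_SUBTREE, hfilter, NULL, 0, &hostres)) != LDAP_SUCCESS) {
        fprintf(stderr, "Cannot find entry");
        goto cleanup;
    }

    if ((hostent = ldap_first_entry(ld, hostres)) == NULL) {
        fprintf(stderr, "No matchinh entry found");
        goto cleanup;
    }

    hostdn = ldap_get_dn(ld, hostent);
    if (hostdn == NULL) {
        fprintf(stderr, "Cannot read entry DN\n");
        goto cleanup;
    }

    printf("\n Result is out succssfully:%s\n", hostdn);
    rc = 0;

cleanup:
    /* Release library-owned memory and close the session on every path. */
    if (hostdn != NULL) {
        ldap_memfree(hostdn);
    }
    if (hostres != NULL) {
        ldap_msgfree(hostres);
    }
    ldap_unbind_s(ld);
    return rc;
}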
-Kalyan