I'm working on client program to connect to an AD server over TLS. I have found out if I set the int reqcert = LDAP_OPT_X_TLS_NEVER;ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
programmatically I'm not able to connect to the AD server over TLS. If I set the option "TLS_REQCERT never" in the /usr/local/etc/openldap/ldap.conf everything works.
Is there way to make this work programmatically without using the ldap.conf?
Here is example code below:
#define LDAP_SERVER "ldaps://10.235.217.52:636"
int main( int argc, char **argv ){ LDAP *ld; int rc; char bind_dn[100];
/* Open LDAP Connection */
if( ldap_initialize(&ld, LDAP_SERVER) ) { perror("ldap_open"); return( 1 ); } // set option telling LDAP if we need to use a cert. //int reqcert = LDAP_OPT_X_TLS_NEVER; // if (ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert) != LDAP_OPT_SUCCESS) // { // perror("ldap_set_option LDAP_OPT_X_TLS_REQUIRE_CERT"); // return (1); // } int desired_version = LDAP_VERSION3; /* set the LDAP version to be 3 */ if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version) != LDAP_OPT_SUCCESS) { perror("ldap_set_option PROTOCOL_VERSION"); return (1); } struct timeval timeout; timeout.tv_sec = 10; timeout.tv_usec = 0; if (ldap_set_option (ld, LDAP_OPT_NETWORK_TIMEOUT, &timeout) != LDAP_OPT_SUCCESS) { perror("ldap_set_option LDAP_OPT_NETWORK_TIMEOUT"); return (1); }
sprintf(bind_dn, "%s", "bigco\\bob"); printf("Connecting as %s...\n", bind_dn);
/* User authentication (bind) */ rc = ldap_simple_bind_s(ld, bind_dn, "Testit123"); if( rc != LDAP_SUCCESS ) { fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc)); return( 1 ); } printf("Successful authentication\n"); ldap_unbind(ld); return( 0 );}
ThanksDon