On Fri, Nov 16, 2012 at 09:45:10AM +0100, Martin.Heinzmann@belden.com wrote:
Hi, I am trying to write my own client which connects to an Active Directory and searches for a user. So far it works: I call "ldap_initialize", set version 3, "ldap_simple_bind_s" and then search the directory. Now I want the connection to be secure by executing a "Simple TLS handshake". I changed my hostname variable to "ldaps://ip:636" and tried "ldap_start_tls_s(ld,NULL,NULL)" before the bind but get a "can't contact LDAP server" error.
When using ldaps://, libldap will perform the TLS handshake automatically before sending the first LDAP request to the server. So calling ldap_start_tls_s() on an ldaps:// connection is wrong and results in the above error.
ldap_start_tls_s() is for initiating the TLS handshake on a "normal" ldap:// connection.
See http://www.openldap.org/faq/data/cache/605.html for details.
I think my Active Directory is configured the right way because with JXplorer it works over SSL and port 636.
Does anyone know which functions I have to call so that a successful TLS connection will be set up?
If you really want to use ldaps://, then specifying the ldaps:// URI in ldap_initialize should be enough. Otherwise use an "ldap://" URI + ldap_start_tls_s.
Ralf
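Added example, not part of the thread and not libldap's code: a minimal raw-socket LDAPv3 client in Python (standard library only) that does on the wire what Ralf describes for each URI scheme. With ldaps:// it runs the TLS handshake before any LDAP PDU is sent and never issues StartTLS; with ldap:// it sends the StartTLS extended request in cleartext, checks the result code, and only then wraps the socket. The bind is sent only on the socket that comes back from connect_tls(), since a simple bind carries the password verbatim. The libldap equivalent of the two paths is ldap_initialize("ldaps://...") then bind, or ldap_initialize("ldap://...") then ldap_start_tls_s() then bind. Everything below is illustrative: the hosts dc.example.com and 10.0.0.5 are placeholders, and the two sample server responses are constructed by hand, not captured from any server.

```python
import socket
import ssl
from urllib.parse import urlsplit

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511 sec. 4.14)

def ber_len(n):
    # definite-form BER length: one octet below 128, else 0x80|count followed by big-endian count
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body
def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value
def ber_int(n):
    # BER INTEGER is two's complement, so 128 needs a leading 0x00 octet
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))

def starttls_request(msg_id):
    # LDAPMessage{msg_id, ExtendedRequest [APPLICATION 23]{requestName [0] = StartTLS OID}}; sent in cleartext
    return tlv(0x30, ber_int(msg_id) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def simple_bind_request(msg_id, dn, password):
    # BindRequest [APPLICATION 0]{version 3, dn, simple [0] password}; password is verbatim, so TLS only
    body = ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(0x60, body))

def _read_tlv(buf, pos):
    # decode one TLV at buf[pos] -> (tag, value, position after it); definite lengths only
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_result(msg, expected_op):
    # LDAPMessage{messageID, op{LDAPResult{resultCode, matchedDN, diagnosticMessage, ...}}}
    tag, seq, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage (tag 0x%02x)" % tag)
    _, mid, p = _read_tlv(seq, 0)
    op, body, _ = _read_tlv(seq, p)
    if op != expected_op:
        raise ValueError("expected protocolOp 0x%02x, got 0x%02x" % (expected_op, op))
    _, code, p = _read_tlv(body, 0)   # resultCode ENUMERATED
    _, _, p = _read_tlv(body, p)      # matchedDN, not needed here
    _, diag, _ = _read_tlv(body, p)   # diagnosticMessage
    return (int.from_bytes(mid, "big", signed=True),
            int.from_bytes(code, "big", signed=True), diag.decode(errors="replace"))

def _recv_exact(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        data += chunk
    return data

def recv_message(sock):
    # read exactly one BER-framed LDAPMessage: tag, length octets, then that many content octets
    head = _recv_exact(sock, 2)
    if head[1] & 0x80:
        head += _recv_exact(sock, head[1] & 0x7F)
    length = int.from_bytes(head[2:], "big") if head[1] & 0x80 else head[1]
    return head + _recv_exact(sock, length)

def resolve_endpoint(uri):
    # (scheme, host, port) from an LDAP URI, filling in the scheme's default port
    u = urlsplit(uri)
    if u.scheme not in ("ldap", "ldaps") or not u.hostname:
        raise ValueError("expected ldap://host[:port] or ldaps://host[:port]")
    return u.scheme, u.hostname, u.port or (636 if u.scheme == "ldaps" else 389)

def connect_tls(uri, ctx=None, timeout=10.0):
    # ldaps://: TLS handshake first and no StartTLS PDU at all.
    # ldap://:  cleartext StartTLS ExtendedRequest, resultCode must be 0, then the TLS handshake.
    scheme, host, port = resolve_endpoint(uri)
    if ctx is None:
        ctx = ssl.create_default_context()  # verifies chain + hostname; add a private AD CA via load_verify_locations()
    raw = socket.create_connection((host, port), timeout=timeout)
    if scheme == "ldap":
        raw.sendall(starttls_request(1))
        mid, code, diag = parse_result(recv_message(raw), 0x78)  # ExtendedResponse [APPLICATION 24]
        if mid != 1 or code != 0:
            raw.close()
            raise ConnectionError("StartTLS refused, resultCode=%d: %s" % (code, diag))
    # with an IP literal in the URI the certificate must carry that IP in its SAN; prefer the DC's DNS name
    return ctx.wrap_socket(raw, server_hostname=host)

def simple_bind(tls_sock, dn, password):
    # only ever called on the socket connect_tls() returned, never on the cleartext one
    tls_sock.sendall(simple_bind_request(2, dn, password))
    _, code, diag = parse_result(recv_message(tls_sock), 0x61)  # BindResponse [APPLICATION 1]
    return code, diag

# Constructed sample responses (not captured from any real server) for offline checks:
SAMPLE_STARTTLS_OK = b"\x30\x0c\x02\x01\x01\x78\x07\x0a\x01\x00\x04\x00\x04\x00"
SAMPLE_STARTTLS_REFUSED = b"\x30\x17\x02\x01\x01\x78\x12\x0a\x01\x35\x04\x00\x04\x0bTLS refused"
```

Against a real server the call is simple_bind(connect_tls("ldaps://dc.example.com:636"), dn, password) or the same with "ldap://dc.example.com:389" (placeholder hosts). The part worth keeping from this when going back to libldap is the verification: ssl.create_default_context() refuses an unverifiable certificate, which is what TLS_REQCERT demand in ldap.conf (or LDAP_OPT_X_TLS_REQUIRE_CERT set to LDAP_OPT_X_TLS_DEMAND) does for libldap; with TLS_REQCERT never the simple bind password goes to whoever answers on port 636. Note also that ldap_simple_bind_s() is a deprecated libldap entry point; ldap_sasl_bind_s() with LDAP_SASL_SIMPLE is the current equivalent.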