Hi, 

I have just installed Symas OpenLDAP v2.6.
Everything seems to be running ok, except that I cannot get the C interface's ldap_start_tls_s() to work.

If I do something like this the program works fine:

ldap_initialize(&ld, HOST);
rc = ldap_simple_bind_s(ld, BASEDN, BASEPWD); /* deprecated API; needs LDAP_DEPRECATED defined to compile against 2.6 headers */
ldap_unbind(ld);
 
However, if I do something like this the program fails with ldap error string "local error":

ldap_initialize(&ld, HOST);
ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, CACERTFILE); /* CACERTFILE: CA file path placeholder, like HOST/BASEDN/BASEPWD */
rc = ldap_start_tls_s(ld, NULL, NULL); /* fails here with "local error" */
rc = ldap_simple_bind_s(ld, BASEDN, BASEPWD);
ldap_unbind(ld);

From the command line, TLS seems to work fine. The following works ok:

ldapsearch -H ldap://ldap.domain.com:389 -D "cn=admin,dc=domain,dc=com" -w secret -b "ou=users,dc=domain,dc=com" -ZZ


This also works ok from a different server

openssl s_client -verify 10 -starttls ldap -showcerts -connect ldap.domain.com:389 -CApath /etc/ssl/certs
(verification = ok)
However, if I omit the CApath it fails, not sure if that is a clue to the problem:

openssl s_client -verify 10 -starttls ldap -showcerts -connect ldap.domain.com:389
(Verification error: unable to get local issuer certificate).
Any help would be appreciated.
If this is the wrong list, let me know.
