On 06/14/2011 09:40 AM, Massimiliano Pala wrote:
Hello Rich,
responses inline..
On 06/13/2011 10:30 AM, Rich Megginson wrote: [...]
LDAPTLS_REQCERT=never ldapsearch -x -d 1 -ZZ -H ldap://yourhost:yourport -s base -b "" > output.log 2>&1
I executed the command.. and it worked. I attach the output. Any help on how I can duplicate this behavior in my application?
More specifically. When shall I set the option:
int opt_val = LDAP_OPT_X_TLS_ALLOW;
ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt_val);
Possibilities:
- At startup with ld == NULL?
- Right after ldap_initialize(&ld, url) - i.e. before ldap_start_tls()?
- Elsewhere?
I don't know. I suggest taking a look at the source code for ldapsearch - since that works, if you can do what it does, you should be good to go: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=clients/too... and http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=clients/too...
Last but not least: shall I use ALLOW, TRY, or NEVER as the option for REQUIRE_CERT?
Cheers, Max
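
As an added example (not part of the original thread): the LDAPTLS_REQCERT environment variable used in the ldapsearch test above corresponds to the TLS_REQCERT setting in ldap.conf(5), and its levels correspond to the LDAP_OPT_X_TLS_NEVER / ALLOW / TRY / DEMAND values for LDAP_OPT_X_TLS_REQUIRE_CERT. The fragment below puts the setting used for the debugging run beside a verifying configuration; the CA bundle path is a placeholder, not a value from the thread.

```conf
# ldap.conf fragment (added example; the path is a placeholder)

# --- Debugging only: what LDAPTLS_REQCERT=never does -------------------
# never : the client does not request or check the server certificate.
#         The session is encrypted but the server is not authenticated,
#         so anyone able to intercept the connection can impersonate it.
#TLS_REQCERT never

# --- Intermediate levels -----------------------------------------------
# allow : certificate is requested; a missing OR bad certificate is
#         ignored and the session proceeds anyway.
# try   : certificate is requested; a missing certificate is accepted,
#         a bad certificate terminates the session.
#TLS_REQCERT allow
#TLS_REQCERT try

# --- Verifying configuration -------------------------------------------
# demand (same as hard, and the default): certificate is requested; a
#         missing or bad certificate terminates the session.
TLS_REQCERT demand

# CA certificate(s) that issued the directory server's certificate.
# Verification under try/demand fails if the issuing CA is not trusted
# here, which is the usual reason a test only passes with "never".
TLS_CACERT /path/to/ca-bundle.pem
```

Only demand (or hard) authenticates the server in every case; if the connection works with never but not with demand, the issuing CA configured via TLS_CACERT and the host name in the certificate are the first things to check.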