On 2012.11.16 03.45, Martin.Heinzmann@belden.com wrote:
Hi, I am trying to write my own client which connects to an Active Directory and searches for a user. So far it works: I call "ldap_initialize", set version 3, "ldap_simple_bind_s" and then search the directory. Now I want the connection to be secure by executing a "Simple TLS handshake". I changed my hostname variable to "ldaps://ip:636" and tried "ldap_start_tls_s(ld,NULL,NULL)" before the bind, but get a "can't contact LDAP server" error. I think my Active Directory is configured the right way, because with JXplorer it works over SSL and port 636.
Does anyone know which functions I have to call so that a successful TLS connection will be set up?
I know very little about libldap and its routines, but I do know that ldaps is not StartTLS, and StartTLS is not 636.
man 3 ldap_start_tls_s seems to specifically indicate that that routine is strictly for StartTLS, not ldaps. That would mean that you should be connecting to the regular LDAP port [389], e.g. "ldap://hostname/", and then using ldap_start_tls_s. That wouldn't work with ldaps/636 [and ldaps is deprecated anyway].
-ben