On Tue, 28 Feb 2012 16:40:23 -0500, Qiang Xu qixu@lexmark.com wrote:
Hello All,
Today I came across a strange problem.
I wrote a program to test an LDAP SSL/TLS connection with the OpenLDAP library. Something like the code snippet as follows:

    (...)
    ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_flag);
    ...
    // bind to the server
The first binding is successful, as expected. However, the second binding is also successful, which is contrary to my expectation, because I haven't created any cert file yet.
Possibly the answer lies in the code you did not show: Create an LDAP* (with which url/host?), connect, bind, unbind.
Another observation here is that if the first binding with LDAP_OPT_X_TLS_NEVER is removed, and the second binding with LDAP_OPT_X_TLS_DEMAND set is done right from the beginning, then it will fail, as expected.
Do you use the same LDAP* connection for both "bindings"? Its options are set when it is initialized. Try to unbind and then create a new LDAP*.