Programmatically, I am not able to connect to the AD server over TLS. If I set the option "TLS_REQCERT never" in /usr/local/etc/openldap/ldap.conf, everything works.
/* Target directory as an ldaps:// URI: TLS from the first byte on port 636
 * (as opposed to StartTLS on 389).  The host is an IP literal.  Certificate
 * verification matches the connected name against the certificate's subject
 * alternative names, and AD server certificates often carry only DNS names,
 * so connecting by IP can fail verification even when the issuing CA is
 * trusted — presumably why "TLS_REQCERT never" makes it work.  Prefer the
 * server's FQDN exactly as it appears in the certificate. */
#define LDAP_SERVER "ldaps://10.235.217.52:636"
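/*
 * Connect to LDAP_SERVER over TLS, perform a simple bind as a fixed user and
 * report the outcome.  Exit status is 0 on a successful bind, 1 on any failure.
 * The LDAP handle is released on every path.
 */
int main( int argc, char **argv )
{
    LDAP *ld = NULL;
    int rc;
    int ret = 1;            /* exit status; stays 1 until the bind succeeds */
    char bind_dn[100];

    (void)argc;
    (void)argv;

    /* Open LDAP Connection.  ldap_initialize() returns an LDAP result code,
     * not errno, so perror() would have printed an unrelated message. */
    rc = ldap_initialize(&ld, LDAP_SERVER);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rc));
        return 1;
    }

    /* TLS trust.  Do not relax verification with LDAP_OPT_X_TLS_NEVER (the
     * in-process equivalent of "TLS_REQCERT never"): it accepts any
     * certificate, so anyone on the network path can impersonate the AD
     * server and read the bind password sent below.  The correct fix is to
     * trust the CA that issued the server certificate — TLS_CACERT in
     * ldap.conf, or LDAP_OPT_X_TLS_CACERTFILE on the handle as here.  Any TLS
     * option set on a handle only takes effect after LDAP_OPT_X_TLS_NEWCTX. */
#ifdef LDAP_CACERT_FILE   /* constructed build-time setting: path to the CA PEM bundle */
    if (ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, LDAP_CACERT_FILE) != LDAP_OPT_SUCCESS) {
        fprintf(stderr, "ldap_set_option LDAP_OPT_X_TLS_CACERTFILE failed\n");
        goto out;
    }
    int is_server = 0;      /* 0 = client-side TLS context */
    if (ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &is_server) != LDAP_OPT_SUCCESS) {
        fprintf(stderr, "ldap_set_option LDAP_OPT_X_TLS_NEWCTX failed\n");
        goto out;
    }
#endif

    /* set the LDAP version to be 3.  ldap_set_option() does not set errno,
     * so failures are reported with a plain message rather than perror(). */
    int desired_version = LDAP_VERSION3;
    if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version) != LDAP_OPT_SUCCESS) {
        fprintf(stderr, "ldap_set_option PROTOCOL_VERSION failed\n");
        goto out;
    }

    /* Bound the connect/handshake so a silent firewall drop cannot hang us. */
    struct timeval timeout = { .tv_sec = 10, .tv_usec = 0 };
    if (ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &timeout) != LDAP_OPT_SUCCESS) {
        fprintf(stderr, "ldap_set_option LDAP_OPT_NETWORK_TIMEOUT failed\n");
        goto out;
    }

    /* DOMAIN\user form of the bind identity, which AD accepts for a simple
     * bind (a full DN or user@domain UPN would also work).  Bounded copy. */
    snprintf(bind_dn, sizeof bind_dn, "%s", "bigco\\bob");
    printf("Connecting as %s...\n", bind_dn);

    /* User authentication (simple bind).  The password travels in clear
     * inside the TLS channel, which is why verification above must stay on.
     * A real program must not embed credentials in source; load them from a
     * protected file or secret store instead. */
    struct berval cred;
    cred.bv_val = "Testit123";
    cred.bv_len = sizeof "Testit123" - 1;
    rc = ldap_sasl_bind_s(ld, bind_dn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_sasl_bind_s: %s\n", ldap_err2string(rc));
        goto out;
    }
    printf("Successful authentication\n");
    ret = 0;

out:
    /* Release the handle on every path (the original leaked it on errors). */
    ldap_unbind_ext_s(ld, NULL, NULL);
    return ret;
}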