OK, I discovered that I have to use NULL for those LDAP* on those two options and then it works as expected.

So, couple questions:

1. Are all of the TLS and SASL global options?   (i.e., need ld=NULL)
2. Does it say somewhere which options are global or not?   (the man page does not)

Thanks,
Frank


On Tue, Apr 5, 2016 at 5:41 PM, Frank Crow <fjcrow2008@gmail.com> wrote:
Hi,

I've got some code that uses ldap_start_tls_s() and the server requires client-side certificates.   If I set them in the environment, e.g.,

# export LDAPTLS_CERT="/etc/openldap/some.crt"
# export LDAPTLS_KEY="/etc/openldap/some.key"

Then everything works fine.   However, if I use:

const char* tls_cert="/etc/openldap/some.crt";
const char* tls_key="/etc/openldap/some.key";
ldap_set_option( ld, LDAP_OPT_X_TLS_CERTFILE, tls_cert );
ldap_set_option( ld, LDAP_OPT_X_TLS_KEYFILE, tls_key );

Then it doesn't work.   What am I doing wrong?   Should it be "&tls_cert" and "&tls_key"?

I did do an ldap_get_option() using both methods to verify and I get the value that I'm expecting either way.


Thanks,
--
Frank



--
Frank