OK, I discovered that I have to use NULL for those LDAP* on those two options and then it works as expected.

So, couple questions:

1. Are all of the TLS and SASL global options? (i.e., need ld=NULL)

2. Does it say somewhere which options are global or not? (the man page does not)

Thanks,

Frank

On Tue, Apr 5, 2016 at 5:41 PM, Frank Crow <fjcrow2008@gmail.com> wrote:

Hi,

I've got some code that uses ldap_start_tls_s() and the server requires client-side certificates. If I set them in the environment, e.g.,

# export LDAPTLS_CERT="/etc/openldap/some.crt"
# export LDAPTLS_KEY="/etc/openldap/some.key"

Then everything works fine. However, if I use:

const char* tls_cert="/etc/openldap/some.crt";
const char* tls_key="/etc/openldap/some.key";
ldap_set_option( ld, LDAP_OPT_X_TLS_CERTFILE, tls_cert );
ldap_set_option( ld, LDAP_OPT_X_TLS_KEYFILE, tls_key );

Then it doesn't work. What am I doing wrong? Should it be "&tls_cert" and "&tls_key"?

I did do an ldap_get_option() using both methods to verify and I get the value that I'm expecting either way.

Thanks,
--
Frank

Frank