Bandani,

Is the host name you're connecting with in the Certificate?

Also, you can try an ldapsearch with -ZZ to get some more connection information.

Thanks,

Bradley Gill

From: BANDANI MAHARANA <bandani.maharana@gmail.com>
Sent: Saturday, August 13, 2022 6:11 AM
To: Bradley T Gill <bgill@aep.com>
Cc: openldap-technical@openldap.org
Subject: Re: [EXTERNAL] Unable to connect to 636 secure port using LDAP library

 

Hi Bradley,

Thanks for the input. Yes, on the Windows platform it is added to the trusted root certificate chain list. I have verified from mmc. But still I'm not able to connect to the server.
Same code I have implemented in Android and iOS platform and getting the same error as mentioned in the above email.
Kindly suggest any changes required to make it work.

Thanks & Regards,
Bandani Maharana

 

On Fri, Aug 12, 2022 at 5:46 PM Bradley T Gill <bgill@aep.com> wrote:

Have you configured your certificate TrustStore to trust the Chain that signed the Certificate on LDAPS?

 

The trust should be defined in ldap.conf using TLS_CACERT

 

Bradley Gill

 

From: BANDANI MAHARANA <bandani.maharana@gmail.com>
Sent: Thursday, August 11, 2022 2:50 PM
To: openldap-technical@openldap.org
Subject: [EXTERNAL] Unable to connect to 636 secure port using LDAP library

 

Hi Team,
I am trying to connect to an Active Directory server using 636 port for secure connection. I am using the openldap library to establish the connection.

Implementation is completed for insecure connection using 389 port. Below is the code snippet I am using to establish the connection with ldap server in 636 port.

 

      #define LDAP_DEPRECATED 1   // exposes ldap_simple_bind_s in <ldap.h>
      #include <ldap.h>
      #include <iostream>
      using namespace std;

      int main() {
            LDAP *ldap_handler = NULL;

            // ldap_initialize() fills in the handle, so it takes its address
            int return_value = ldap_initialize(&ldap_handler, "ldaps://TestServer.mylab.com:636"); //server url
            if (return_value == LDAP_SUCCESS) {
                  cout<<"LDAP initialized successfully"; // this is successful for me
            } else {
                  cout<<"LDAP initialization failed";
            }

            // option values are passed by pointer, not by value
            int version = LDAP_VERSION3;
            return_value = ldap_set_option(ldap_handler, LDAP_OPT_PROTOCOL_VERSION, &version);
            if (return_value == LDAP_SUCCESS) {
                  cout<<"success"; // this is successful for me
            } else {
                  cout<<"failed";
            }

            const char * CACERT_FILE_PATH  = "certificate/mylab-TESTSERVER-CA.cer"; //certificate path
            int return_value1 = ldap_set_option(ldap_handler, LDAP_OPT_X_TLS_CACERTFILE, CACERT_FILE_PATH);
            if (return_value1 == LDAP_SUCCESS) {

            } else {
                  // it's failing here with error -1, and error string "Can't contact to LDAP server"
            }

            // the backslash in the DOMAIN\user form must be escaped in a C++ string literal
            return_value = ldap_simple_bind_s(ldap_handler, "mylab\\administrator", "pwd@1234");
            if (return_value == LDAP_SUCCESS) {
                  //success
            } else {
                  // it's failing here with error -1, and error string "Can't contact to LDAP server"
            }
            return 0;
      }

      

I have verified the same thing is working when connecting to 389 port.
Could you please suggest how to make this work for secure ldap connection over ssl? Please provide some examples or references. It will be helpful for me.

Thanks & Regards,
Bandani
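
The host name question raised in the latest reply can be checked offline. The following is an added example, not part of the thread and not OpenLDAP's own matching code: a simplified RFC 6125-style comparison of the host in the ldaps:// URL against a certificate's subjectAltName dNSName entries. The SAN list and the `*.dc.mylab.com` entry are constructed for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Lower-case a DNS name and drop one trailing dot; DNS names compare case-insensitively.
static std::string normalize(std::string name) {
    std::transform(name.begin(), name.end(), name.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (!name.empty() && name.back() == '.') name.pop_back();
    return name;
}

// Match one dNSName entry against the host taken from the ldaps:// URL.
// A wildcard is honoured only as the whole left-most label ("*.example.test")
// and stands for exactly one label; any other pattern must match exactly.
bool name_matches(const std::string& host_in, const std::string& pattern_in) {
    const std::string host = normalize(host_in);
    const std::string pattern = normalize(pattern_in);
    if (host.empty() || pattern.empty()) return false;
    if (pattern.compare(0, 2, "*.") != 0) return host == pattern;
    const std::size_t dot = host.find('.');
    if (dot == std::string::npos || dot == 0) return false;  // short name: no label for "*"
    const std::string suffix = pattern.substr(1);            // e.g. ".dc.mylab.com"
    if (suffix.find('*') != std::string::npos) return false; // only one wildcard allowed
    return host.substr(dot) == suffix;
}

// True when any SAN dNSName entry covers the host the client dials.
bool cert_covers_host(const std::string& host, const std::vector<std::string>& san_dns) {
    return std::any_of(san_dns.begin(), san_dns.end(),
                       [&](const std::string& p) { return name_matches(host, p); });
}

int main() {
    // Constructed SAN list for a hypothetical domain controller certificate.
    const std::vector<std::string> san = {"testserver.mylab.com", "*.dc.mylab.com"};
    for (const char* h : {"TestServer.mylab.com", "testserver", "10.0.0.5",
                          "a.dc.mylab.com", "a.b.dc.mylab.com"})
        std::cout << h << " -> " << (cert_covers_host(h, san) ? "match" : "MISMATCH") << "\n";
    return 0;
}
```

A short name or an IP address in the URL does not match a certificate that lists only the fully qualified name, even when the signing CA is trusted.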