On Mon, 10 Jun 2013, Dan White wrote:
On 06/08/13 07:50 +0530, Ashwin Kumar wrote:
...
rc = ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
if(rc != LDAP_OPT_SUCCESS){
    printf("Setting LDAP_OPT_X_TLS_REQUIRE_CERT failed: %s\n",ldap_err2string(rc));
If ldap_set_option() returns LDAP_OPT_ERROR then you shouldn't call ldap_err2string(): the latter can't give a correct error string for that case because (currently) LDAP_OPT_ERROR == LDAP_SERVER_DOWN. Indeed, as you saw:
The program always fails with: *Setting LDAP_OPT_X_TLS_REQUIRE_CERT failed: Can't contact LDAP server*
That means ldap_set_option() is returning LDAP_OPT_ERROR.
My *guess* is that you're using libldap from an old version of OpenLDAP, like 2.3.x, as those versions only supported LDAP_OPT_X_TLS_REQUIRE_CERT as a global option and not as a per-handle option.
If that's the case, you should obviously upgrade. If you can't upgrade Right Now, then put it on your roadmap for Real Soon Dang It and try changing this:

    rc = ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);

to this:

    rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
And note, this is *exactly* why you should always say what version you're using!
Philip Guenther
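
The handling described in the reply above, as an added example that is not part of the original message or of OpenLDAP: a hypothetical helper, require_server_cert(), tries the per-handle option, falls back to the global one, fails closed if neither works, and never passes LDAP_OPT_ERROR to ldap_err2string(). The setter is taken as a function pointer so the logic can be exercised with constructed stubs instead of a real libldap; the stub names and the enum are assumptions.

```c
#include <stdio.h>
#include <stddef.h>

/* Values as defined in OpenLDAP's <ldap.h>; guarded so the real header wins. */
#ifndef LDAP_OPT_SUCCESS
#define LDAP_OPT_SUCCESS 0
#define LDAP_OPT_ERROR (-1)
#define LDAP_OPT_X_TLS_REQUIRE_CERT 0x6006
#define LDAP_OPT_X_TLS_DEMAND 2
#endif

/* Same shape as ldap_set_option(), with the handle as void * so a stub fits. */
typedef int (*set_option_fn)(void *ld, int option, const void *invalue);

enum reqcert_scope { REQCERT_FAILED = -1, REQCERT_PER_HANDLE = 0, REQCERT_GLOBAL = 1 };

/* Hypothetical helper: try the per-handle option, then fall back to the global one. */
enum reqcert_scope require_server_cert(set_option_fn set_opt, void *ld)
{
    int reqcert = LDAP_OPT_X_TLS_DEMAND;

    if (set_opt(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert) == LDAP_OPT_SUCCESS)
        return REQCERT_PER_HANDLE;

    /* LDAP_OPT_ERROR is not an LDAP result code: do not feed it to ldap_err2string(). */
    fprintf(stderr, "per-handle LDAP_OPT_X_TLS_REQUIRE_CERT rejected, trying global\n");

    if (set_opt(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert) == LDAP_OPT_SUCCESS)
        return REQCERT_GLOBAL;

    fprintf(stderr, "LDAP_OPT_X_TLS_REQUIRE_CERT could not be set; refusing to connect\n");
    return REQCERT_FAILED;
}

/* Constructed stubs standing in for libldap builds with different behaviour. */
int stub_old_libldap(void *ld, int option, const void *invalue)
{
    (void)invalue;
    if (option != LDAP_OPT_X_TLS_REQUIRE_CERT) return LDAP_OPT_ERROR;
    return ld == NULL ? LDAP_OPT_SUCCESS : LDAP_OPT_ERROR; /* global only */
}
int stub_new_libldap(void *ld, int option, const void *invalue)
{ (void)ld; (void)invalue; return option == LDAP_OPT_X_TLS_REQUIRE_CERT ? LDAP_OPT_SUCCESS : LDAP_OPT_ERROR; }
int stub_broken(void *ld, int option, const void *invalue)
{ (void)ld; (void)option; (void)invalue; return LDAP_OPT_ERROR; }
```

To use it against a real libldap, pass a thin wrapper that casts the handle back to LDAP * and calls ldap_set_option().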