On Mon, 10 Jun 2013, Dan White wrote:...
> On 06/08/13 07:50 +0530, Ashwin Kumar wrote:
> > rc = ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
> > if(rc != LDAP_OPT_SUCCESS){
> > printf("Setting LDAP_OPT_X_TLS_REQUIRE_CERT failed:
> > %s\n",ldap_err2string(rc));

If ldap_set_option() returns LDAP_OPT_ERROR then you shouldn't call
ldap_err2string(): the latter can't give a correct error string for that
case because (currently) LDAP_OPT_ERROR == LDAP_SERVER_DOWN. Indeed, as
you saw:

> > The program always fails with:
> > *Setting LDAP_OPT_X_TLS_REQUIRE_CERT failed: Can't contact LDAP server*

That means ldap_set_option() is returning LDAP_OPT_ERROR.

My *guess* is that you're using libldap from an old version of OpenLDAP,
like 2.3.x, as those versions only supported LDAP_OPT_X_TLS_REQUIRE_CERT
as a global option and not as a per-handle option.

If that's the case, you should obviously upgrade. If you can't upgrade
Right Now, then put it on your roadmap for Real Soon Dang It and try
changing this:

    rc = ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);

to this:

    rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);

And note, this is *exactly* why you should always say what version you're
using!
Philip Guenther
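
The two points in the reply above, put together as an added example that is not part of the original message or of OpenLDAP: the return code is only compared with LDAP_OPT_SUCCESS, the per-handle call falls back to the global (NULL) one, and the caller gets a result that lets it refuse to connect when neither worked. The helper `require_server_cert`, the `set_option_fn` type and the three stubs are hypothetical; the numeric constants are written from OpenLDAP's `<ldap.h>` so the block builds without libldap.

```c
#include <stdio.h>
#include <stddef.h>

/* Values as in OpenLDAP's <ldap.h>; drop these once the real header is included. */
#ifndef LDAP_OPT_SUCCESS
#define LDAP_OPT_SUCCESS            0
#define LDAP_OPT_ERROR              (-1)
#define LDAP_OPT_X_TLS_REQUIRE_CERT 0x6006
#define LDAP_OPT_X_TLS_DEMAND       2
#endif

/* Same shape as ldap_set_option(), with LDAP* written as void* so the sketch
 * builds without libldap. In real code pass a one-line adapter around it. */
typedef int (*set_option_fn)(void *ld, int option, const void *invalue);

enum cert_scope { CERT_NOT_SET = 0, CERT_PER_HANDLE, CERT_GLOBAL };

/* Hypothetical helper: demand a valid server certificate, per handle if the
 * library allows it, otherwise globally. The return code is only compared
 * with LDAP_OPT_SUCCESS and never passed to ldap_err2string(). */
enum cert_scope require_server_cert(set_option_fn set_opt, void *ld)
{
    int reqcert = LDAP_OPT_X_TLS_DEMAND;

    if (ld && set_opt(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert) == LDAP_OPT_SUCCESS)
        return CERT_PER_HANDLE;
    if (set_opt(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert) == LDAP_OPT_SUCCESS)
        return CERT_GLOBAL;          /* applies to the whole process */
    fprintf(stderr, "LDAP_OPT_X_TLS_REQUIRE_CERT rejected by the library; "
                    "not connecting without certificate checking\n");
    return CERT_NOT_SET;             /* caller must not go on to connect */
}

/* Constructed stand-ins for three library behaviours. */
static int stub_global_only(void *ld, int opt, const void *v)
{ (void)opt; (void)v; return ld ? LDAP_OPT_ERROR : LDAP_OPT_SUCCESS; }
static int stub_per_handle(void *ld, int opt, const void *v)
{ (void)ld; (void)opt; (void)v; return LDAP_OPT_SUCCESS; }
static int stub_rejects_all(void *ld, int opt, const void *v)
{ (void)ld; (void)opt; (void)v; return LDAP_OPT_ERROR; }

int main(void)
{
    int fake_handle;                 /* stands in for an LDAP* */
    printf("global-only library: %d\n", require_server_cert(stub_global_only, &fake_handle));
    printf("per-handle library:  %d\n", require_server_cert(stub_per_handle, &fake_handle));
    printf("rejecting library:   %d\n", require_server_cert(stub_rejects_all, &fake_handle));
    return 0;
}
```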