Thanks for the reply. I am using OpenLDAP 2.4.35. 

--
Ashwin kumar
(http://ashwinkumar.me)


On Mon, Jun 10, 2013 at 9:42 PM, Philip Guenther <guenther+ldaptech@sendmail.com> wrote:
On Mon, 10 Jun 2013, Dan White wrote:
> On 06/08/13 07:50 +0530, Ashwin Kumar wrote:
...
> >    rc = ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
> > if(rc != LDAP_OPT_SUCCESS){
> > printf("Setting LDAP_OPT_X_TLS_REQUIRE_CERT failed:
> > %s\n",ldap_err2string(rc));

If ldap_set_option() returns LDAP_OPT_ERROR then you shouldn't call
ldap_err2string(): the latter can't give a correct error strings for that
case because (currently) LDAP_OPT_ERROR == LDAP_SERVER_DOWN.  Indeed, as
you saw:

> > The program always fails with:
> > *Setting LDAP_OPT_X_TLS_REQUIRE_CERT failed: Can't contact LDAP server*

That means ldap_set_option() is returning LDAP_OPT_ERROR.

My *guess* is that you're using libldap from an old version of OpenLDAP,
like 2.3.x, as those versions only supported LDAP_OPT_X_TLS_REQUIRE_CERT
pas a global option and not as a per-handle option.

If that's the case, you should obviously upgrade.  If you can't upgrade
Right Now, then put it on your roadmap for Real Soon Dang It and try
changing this:
        rc = ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
to this:
        rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);


And note, this is *exactly* why you should always say what version you're
using!


Philip Guenther