Hi everyone,
I'm trying to work out why some sample code doesn't work against a Centos 5 system (Centos being a RedHat Enterprise clone).
Client is Mac OS X 10.5, and server is Centos 5.3, OpenLDAP 2.3.43. The sample code is from http://docs.sun.com/source/816-5616-10/example.htm#13303. (Am not using the Sun SDK, it was just a convenient place to find sample code. If there are OpenLDAP sample code resources, a link is welcome.)
In particular the problem occurs at this piece of code:

    /* Bind anonymously to the LDAP server. */
    rc = ldap_simple_bind_s( ld, NULL, NULL );
    if ( rc != LDAP_SUCCESS ) {
        fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc));
        return( 1 );
    }

The resultant output is an error, namely: 'ldap_simple_bind_s: Protocol error'
In comparison, if I run the same code against a Gentoo Linux system that also has OpenLDAP 2.3.43 the sample code works just fine.
If I do an ldapsearch from the Mac OS X client with the query below, it succeeds.

    ldapsearch -x -h remoteCentosldapsvr -b basedn

Can anyone suggest why the Centos 5 system is showing the protocol error?
Thanks
Regards
Stephen

Stephen writes:
> /* Bind anonymously to the LDAP server. */
> rc = ldap_simple_bind_s( ld, NULL, NULL );

I think that still Binds with LDAP version 2, which the server may be rejecting. Try to set LDAP version 3 first:

    int protocol = LDAP_VERSION3;
    ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &protocol );

> if ( rc != LDAP_SUCCESS ) {
>     fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc));
>     return( 1 );
> }

That only prints a textual representation of the error code. It does not print the diagnosticMessage which the server may have enclosed to answer your question. Try

    ldap_perror(ld, "Bind failed");

ldap_perror is deprecated, but it's by far the simplest way. An alternative is ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &msg ); followed by printing and ldap_memfree()ing the message. Or async Bind, then print and free the messages from ldap_parse_result().

> Stephen writes:
> > /* Bind anonymously to the LDAP server. */
> > rc = ldap_simple_bind_s( ld, NULL, NULL );
>
> I think that still Binds with LDAP version 2, which the server may be rejecting. Try to set LDAP version 3 first:
>
>     int protocol = LDAP_VERSION3;
>     ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &protocol );

Yes, that was it.

> > if ( rc != LDAP_SUCCESS ) {
> >     fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc));
> >     return( 1 );
> > }
>
> That only prints a textual representation of the error code. It does not print the diagnosticMessage which the server may have enclosed to answer your question. Try
>
>     ldap_perror(ld, "Bind failed");

Implementing this results in a very useful error message confirming your guess...

    Bind failed: Protocol error (2)
            additional info: historical protocol version requested, use LDAPv3 instead

Thank you for your helpful reply

Regards
Stephen

openldap-technical@openldap.org
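
The thread's point that ldap_err2string() renders only the resultCode, while the server's diagnosticMessage is a separate field of the BindResponse, can be seen directly in the wire format. The following is an added example, not code from the thread or from OpenLDAP: a minimal BER reader for a BindResponse. The names tlv, parse_bind_response and SAMPLE are hypothetical, and the response bytes are constructed from the error text quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Read one BER header with tag `want`; leaves *p at the value, -1 on bad input. */
static int tlv(const unsigned char **p, const unsigned char *end,
               unsigned want, size_t *len) {
    if (end - *p < 2 || *(*p)++ != want) return -1;
    size_t l = *(*p)++;
    if (l & 0x80) {                       /* long form: low bits = octet count */
        size_t n = l & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - *p) < n) return -1;
        for (l = 0; n--; ) l = (l << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < l) return -1;
    *len = l;
    return 0;
}

/* Hypothetical helper, not a libldap call: returns the BindResponse resultCode
   and copies diagnosticMessage into diag, or returns -1 if the PDU is malformed. */
int parse_bind_response(const unsigned char *buf, size_t n, char *diag, size_t dsz) {
    const unsigned char *p = buf, *end = buf + n;
    size_t len;
    if (tlv(&p, end, 0x30, &len)) return -1;             /* LDAPMessage SEQUENCE */
    end = p + len;
    if (tlv(&p, end, 0x02, &len)) return -1;             /* messageID */
    p += len;
    if (tlv(&p, end, 0x61, &len)) return -1;             /* [APPLICATION 1] BindResponse */
    end = p + len;
    if (tlv(&p, end, 0x0a, &len) || len != 1 || *p > 0x7f) return -1;
    int rc = *p++;                                       /* resultCode (one octet) */
    if (tlv(&p, end, 0x04, &len)) return -1;             /* matchedDN */
    p += len;
    if (tlv(&p, end, 0x04, &len) || len >= dsz) return -1;
    memcpy(diag, p, len);                                /* diagnosticMessage */
    diag[len] = '\0';
    return rc;
}

/* Constructed sample: resultCode 2, empty matchedDN, diagnostic text from the thread. */
static const unsigned char SAMPLE[] =
    "\x30\x45\x02\x01\x01\x61\x40\x0a\x01\x02\x04\x00\x04\x39"
    "historical protocol version requested, use LDAPv3 instead";

int main(void) {
    char diag[128];
    int rc = parse_bind_response(SAMPLE, sizeof SAMPLE - 1, diag, sizeof diag);
    printf("resultCode=%d diagnosticMessage=\"%s\"\n", rc, rc < 0 ? "" : diag);
    return rc < 0;
}
```

The same decoding applies when reading a packet capture of a failed bind: the numeric code says what class of failure occurred, and the diagnostic string carries the server's explanation.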