Hi,
I created an iOS app using Xcode version 6.0.1. This app should accept the Windows login information from the user.
I'm using OpenLDAP to do the authentication.
This is the code I'm using; it works fine with LDAP and port 389.
How do I make it work with LDAPS and port 636?
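    #include <ldap.h>
    #include <stdio.h>
    #include <string.h>

    #define LDAP_SERVER "ldap://host:389"

    - (BOOL)checkValidUser:(NSString *)username password:(NSString *)password
    {
        LDAP *ld;
        int rc;
        int desired_version = LDAP_VERSION3;
        struct berval cred;

        // Copy the user name (used as the bind DN) and password into C buffers.
        size_t len = strlen([username UTF8String]) + 1;
        char usr[len];
        memcpy(usr, [username UTF8String], len);
        size_t len2 = strlen([password UTF8String]) + 1;
        char passwd[len2];
        memcpy(passwd, [password UTF8String], len2);
        cred.bv_val = (char *) passwd;
        cred.bv_len = strlen( passwd );

        // A simple bind with an empty password is an unauthenticated bind,
        // which many servers accept; never treat it as a valid login.
        if ( cred.bv_len == 0 )
        {
            return NO;
        }

        if( ldap_initialize( &ld, LDAP_SERVER ) )
        {
            return NO;
        }
        rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version);
        if ( rc != LDAP_OPT_SUCCESS ) {
            // ldap_set_option does not set errno, so perror() would mislead.
            fprintf(stderr, "ldap_set_option failed\n");
            ldap_unbind_ext_s( ld, NULL, NULL );
            return NO;
        }
        else
        {
            printf("Set LDAPv3 client version.\n");
        }
        // Simple Authentication
        rc = ldap_sasl_bind_s( ld, usr, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL );
        if( rc != LDAP_SUCCESS )
        {
            fprintf(stderr, "ldap_sasl_bind_s: %s\n", ldap_err2string(rc) );
        }
        // Release the connection on both the success and the failure path.
        ldap_unbind_ext_s( ld, NULL, NULL );
        return ( rc == LDAP_SUCCESS ) ? YES : NO;
    }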
Thanks, Marian
Hi,
While I can hardly say anything about your code, I think you should read up on how to use OpenSSL in Objective-C (I guess that's what you use to write your app).
The general idea would be to open an SSL connection to the LDAP server on port 636 and then, through that connection (e.g. the socket), do exactly the same as you did before with an unencrypted connection.
As a side note, LDAPS is considered deprecated in favour of using STARTTLS on port 389 instead, so you might want to read up on that too.
Regards,
Bernd May wrote:
> Hi,
> While I can hardly say anything about your code, I think you should read up on how to use OpenSSL in Objective-C (I guess that's what you use to write your app).
The code was pretty awful, but there's no need to call OpenSSL directly. ldap_initialize takes care of it.
> As a side note, LDAPS is considered deprecated in favour of using STARTTLS on port 389 instead, so you might want to read up on that too.
> Regards,
openldap-technical@openldap.org
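What the replies describe, as an added example that is not code from the thread: the same simple bind over `ldaps://` on port 636, or over `ldap://` on port 389 upgraded with StartTLS, with server certificate verification required in both cases. The helper name `LDAPBindOverTLS`, the `caFile` parameter and the `host` placeholder are assumptions, and libldap is assumed to be built with TLS support.

```objc
#import <Foundation/Foundation.h>
#include <ldap.h>
#include <string.h>

// Hypothetical helper (not from the thread): bind as `dn` over TLS.
// Returns YES only for an authenticated bind on a verified TLS connection.
// `caFile` is an assumed path to a PEM CA bundle shipped with the app.
static BOOL LDAPBindOverTLS(NSString *uri, NSString *caFile,
                            NSString *dn, NSString *password)
{
    // An empty password is an unauthenticated bind that many servers accept.
    if ([dn length] == 0 || [password length] == 0) return NO;

    // Global TLS settings, applied before the handle is created:
    // refuse any server certificate that does not validate against caFile.
    int demand = LDAP_OPT_X_TLS_DEMAND;
    if (ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &demand) != LDAP_OPT_SUCCESS ||
        ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
                        [caFile fileSystemRepresentation]) != LDAP_OPT_SUCCESS)
        return NO;

    LDAP *ld = NULL;
    if (ldap_initialize(&ld, [uri UTF8String]) != LDAP_SUCCESS) return NO;

    int version = LDAP_VERSION3;  // StartTLS requires LDAPv3
    int rc = (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
                 ? LDAP_SUCCESS : LDAP_OTHER;

    // ldaps:// negotiates TLS when the connection opens; ldap:// has to be
    // upgraded with StartTLS before any credentials are sent.
    if (rc == LDAP_SUCCESS && [uri hasPrefix:@"ldap://"])
        rc = ldap_start_tls_s(ld, NULL, NULL);

    if (rc == LDAP_SUCCESS) {
        struct berval cred;
        cred.bv_val = (char *)[password UTF8String];
        cred.bv_len = strlen(cred.bv_val);
        rc = ldap_sasl_bind_s(ld, [dn UTF8String], LDAP_SASL_SIMPLE,
                              &cred, NULL, NULL, NULL);
    }
    if (rc != LDAP_SUCCESS)
        NSLog(@"LDAP over TLS failed: %s", ldap_err2string(rc));

    ldap_unbind_ext_s(ld, NULL, NULL);  // frees the handle on every path
    return rc == LDAP_SUCCESS;
}

// Usage (constructed values):
//   LDAPBindOverTLS(@"ldaps://host:636", caPath, userDN, password);  // LDAPS
//   LDAPBindOverTLS(@"ldap://host:389",  caPath, userDN, password);  // StartTLS
```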