I'm working on client program to connect to an AD server over TLS.   I have found out if I set the int reqcert = LDAP_OPT_X_TLS_NEVER;ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert); programmatically I'm not able to connect to the AD server over TLS.    If I set the  option  "TLS_REQCERT never" in the  /usr/local/etc/openldap/ldap.conf  everything works.

Is there way to make this work programmatically without using the ldap.conf?

Here is example code below: #define LDAP_SERVER "ldaps://10.235.217.52:636" int main( int argc, char **argv ){    LDAP *ld;    int rc;    char bind_dn[100]; /* Open LDAP Connection */     if( ldap_initialize(&ld, LDAP_SERVER) )    {        perror("ldap_open");        return( 1 );    }    // set option telling LDAP if we need to use a cert.  //int reqcert = LDAP_OPT_X_TLS_NEVER;  // if (ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert) != LDAP_OPT_SUCCESS)  //  {  //          perror("ldap_set_option LDAP_OPT_X_TLS_REQUIRE_CERT");  //          return (1);  // }   int desired_version = LDAP_VERSION3;       /* set the LDAP version to be 3 */    if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version) != LDAP_OPT_SUCCESS)    {       perror("ldap_set_option PROTOCOL_VERSION");       return (1);    }        struct timeval timeout;    timeout.tv_sec = 10;    timeout.tv_usec = 0;    if (ldap_set_option (ld, LDAP_OPT_NETWORK_TIMEOUT, &timeout) != LDAP_OPT_SUCCESS)    {            perror("ldap_set_option LDAP_OPT_NETWORK_TIMEOUT");            return (1);    }

sprintf(bind_dn, "%s", "bigco\bob");       printf("Connecting as %s...\n", bind_dn); /* User authentication (bind) */    rc = ldap_simple_bind_s(ld, bind_dn, "Testit123");    if( rc != LDAP_SUCCESS )    {        fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc));        return( 1 );    }    printf("Successful authentication\n");    ldap_unbind(ld);    return( 0 );} ThanksDon