--On Friday, September 08, 2017 6:48 PM +0000 Don jessup djessup72@yahoo.com wrote:
int reqcert = LDAP_OPT_X_TLS_NEVER; ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
Is there way to make this work programmatically without using the ldap.conf?
Yes. The problem is the TLS options generally have to be set globally.
You might want to look at https://github.com/quanah/openldap-scratch/commit/59dbb01122ad92ef2a6e05cc3642355ab85d6103
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Quanah Gibson-Mount wrote:
--On Friday, September 08, 2017 6:48 PM +0000 Don jessup djessup72@yahoo.com wrote:
int reqcert = LDAP_OPT_X_TLS_NEVER; ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
Is there way to make this work programmatically without using the ldap.conf?
Yes. The problem is the TLS options generally have to be set globally.
???
I thought you have to set LDAP_OPT_X_TLS_NEWCTX to 0 *after* setting all TLS-related options to let libldap reinitialize the client's SSL context. Doesn't that work as expected?
Ciao, Michael.
openldap-technical@openldap.org
-
Michael Ströder -
Quanah Gibson-Mount