Hi Team, I am trying to connect to an Active Directory server on port 636 for a secure connection. I am using the OpenLDAP library to establish the connection. The implementation is complete for the insecure connection on port 389. Below is the code snippet I am using to establish the connection with the LDAP server on port 636.
#define LDAP_DEPRECATED 1   // ldap_simple_bind_s is only declared with this defined
#include <iostream>
#include <ldap.h>
using std::cout;

LDAP *ldap_handler = nullptr;
// ldap_initialize takes LDAP **, and the URI must not contain a space after "ldaps://"
int return_value = ldap_initialize(&ldap_handler, "ldaps://TestServer.mylab.com:636"); //server url
if (return_value == LDAP_SUCCESS) {
    cout << "LDAP initialized successfully"; // this is successful for me
} else {
    cout << "LDAP initialization failed";
}
// ldap_set_option takes the LDAP * itself (not *ldap_handler) and a pointer to the value
int version = LDAP_VERSION3;
return_value = ldap_set_option(ldap_handler, LDAP_OPT_PROTOCOL_VERSION, &version);
if (return_value == LDAP_SUCCESS) {
    cout << "success"; // this is successful for me
} else {
    cout << "failed";
}
const char *CACERT_FILE_PATH = "certificate/mylab-TESTSERVER-CA.cer"; //certificate path
int return_value1 = ldap_set_option(ldap_handler, LDAP_OPT_X_TLS_CACERTFILE, CACERT_FILE_PATH);
if (return_value1 == LDAP_SUCCESS) {
} else {
    // its failing here with error -1, and error string "Can't contact to LDAP server"
}
// "\a" inside a C string is the bell character, so the backslash has to be escaped
return_value = ldap_simple_bind_s(ldap_handler, "mylab\\administrator", "pwd@1234");
if (return_value == LDAP_SUCCESS) {
    //success
} else {
    // its failing here with error -1, and error string "Can't contact to LDAP server"
}

I have verified the same thing is working when connecting on port 389. Could you please suggest how to make this work for a secure LDAP connection over SSL? Please provide some examples or references. It will be helpful for me.
Thanks & Regards, Bandani
Have you configured your certificate TrustStore to trust the chain that signed the certificate on LDAPS?
The trust should be defined in ldap.conf using TLS_CACERT.
Bradley Gill
From: BANDANI MAHARANA bandani.maharana@gmail.com Sent: Thursday, August 11, 2022 2:50 PM To: openldap-technical@openldap.org Subject: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
Hi Bradley,
Thanks for the input. Yes, on the Windows platform it is added to the trusted root certificate list; I have verified this from mmc. But I am still not able to connect to the server. I have implemented the same code on the Android and iOS platforms and get the same error as mentioned in the above email. Kindly suggest any changes required to make it work.
Thanks & Regards, Bandani Maharana
On Fri, Aug 12, 2022 at 5:46 PM Bradley T Gill bgill@aep.com wrote:
Bandani, is the host name you're connecting with in the certificate?
Also, you can try an ldapsearch with -ZZ to get some more connection information.
Thanks,
Bradley Gill
From: BANDANI MAHARANA bandani.maharana@gmail.com Sent: Saturday, August 13, 2022 6:11 AM To: Bradley T Gill bgill@aep.com Cc: openldap-technical@openldap.org Subject: Re: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
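The two things Bradley asks about (is the CA chain trusted, is the host name in the certificate) can be checked with openssl before touching libldap. This is an added example, not code from the thread: the function names cert_to_pem, cert_matches_host, ldaps_probe and make_test_pki are mine, the throwaway lab PKI it builds is constructed test data rather than the poster's certificate, and it assumes the .cer exported from Windows may be DER, while OpenLDAP's TLS_CACERT / LDAP_OPT_X_TLS_CACERTFILE needs PEM.

```shell
#!/bin/sh
# Added example (not from the thread). Reproduces the CA-trust and host-name
# checks from the replies with openssl alone; names below are hypothetical and
# the CA/server names mirror the lab in the thread (constructed data).
set -eu

# libldap wants the CA file in PEM. A .cer exported from Windows is often DER,
# so convert when needed. Usage: cert_to_pem <in> <out>
cert_to_pem() {
    if openssl x509 -in "$1" -noout 2>/dev/null; then
        cp "$1" "$2"                                   # already PEM
    else
        openssl x509 -inform DER -in "$1" -out "$2"    # DER -> PEM
    fi
}

# Does the server cert chain to the CA *and* carry the host name used in the
# ldaps:// URI? Clients match the SAN, so a CN alone is not enough.
# Returns 0 on match, non-zero otherwise. Usage: cert_matches_host <ca> <leaf> <host>
cert_matches_host() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Live check against a real server (not run offline): fails if the chain or
# the host name does not verify, the same conditions libldap enforces.
# Usage: ldaps_probe <host> <ca.pem>
ldaps_probe() {
    openssl s_client -connect "$1:636" -servername "$1" -CAfile "$2" \
        -verify_hostname "$1" -verify_return_error </dev/null
}

# Build a throwaway CA plus a leaf for TestServer.mylab.com (with SAN) in $1,
# and a DER copy of the leaf to exercise cert_to_pem. Constructed test data.
make_test_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mylab-TESTSERVER-CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=TestServer.mylab.com" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    printf 'subjectAltName=DNS:TestServer.mylab.com\n' > "$d/san.cnf"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/san.cnf" -out "$d/leaf.pem" 2>/dev/null
    openssl x509 -in "$d/leaf.pem" -outform DER -out "$d/leaf.cer"
}
```

A name that is not in the SAN (an IP address, or a short name instead of the FQDN in the URI) makes cert_matches_host fail exactly as the ldaps bind does.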
--On Monday, August 15, 2022 6:39 PM +0000 Bradley T Gill bgill@aep.com wrote:
As an aside, I'd note that the OpenLDAP client code is always an excellent source of information on how to use libldap to accomplish working client code.
--Quanah