11:49 a.m.
Hi Team,
I am trying to connect to an Active directory server using 636 port for
secure connection. I am using the openldap library to establish the
connection.
Implementation is completed for insecure connection using 389 port. Below
is the code snippet I am using to establish the connection with ldap server
in 636 port.
LDAP * ldap_handler;
int return_value = ldap_initialize(ldap_handler, "ldaps://
TestServer.mylab.com:636"); //server url
if (return_value == LDAP_SUCCESS) {
cout<<"LDAP initialized successfully"; // this is
successful
for me
} else {
cout<<"LDAP initialization failed";
}
int return_value = ldap_set_option(*ldap_handler,
LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION3);
if(return_value == LDAP_SUCCESS) {
cout<<"success"; // this is successful for me
} else {
cout<<"failed";
}
const char * CACERT_FILE_PATH = "certificate/mylab-TESTSERVER-CA.cer";
//certificate path
int return_value1 = ldap_set_option(*ldap_handler,
LDAP_OPT_X_TLS_CACERTFILE, CACERT_FILE_PATH);
if (return_value1 == LDAP_SUCCESS) {
} else {
// its failing here with error -1, and error string "Can't contact to LDAP
server"
}
int return_value = ldap_simple_bind_s(*ldap_handler, "mylab\administrator",
""pwd@1234");
if (return_value == LDAP_SUCCESS) {
//success
} else {
// its failing here with error -1, and error string "Can't contact to LDAP
server"
}
I have verified the same thing is working when connecting to 389 port.
Could you please suggest how to make this work for secure ldap connection
over ssl? Please provide some examples or references. It will be helpful
for me.
Thanks & Regards,
Bandani
5:16 a.m.
New subject: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
Have you configured your certificate TrustStore to trust the Chain that signed the
Certificate on LDAPS?
The trust should be defined the ldap.conf using TLS_CACERT
Bradley Gill
From: BANDANI MAHARANA <bandani.maharana(a)gmail.com>
Sent: Thursday, August 11, 2022 2:50 PM
To: openldap-technical(a)openldap.org
Subject: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. If
suspicious please click the 'Report to Incidents' button in Outlook or forward to
incidents@aep.com<mailto:incidents@aep.com> from a mobile device.
Hi Team,
I am trying to connect to an Active directory server using 636 port for secure connection.
I am using the openldap library to establish the connection.
Implementation is completed for insecure connection using 389 port. Below is the code
snippet I am using to establish the connection with ldap server in 636 port.
LDAP * ldap_handler;
int return_value = ldap_initialize(ldap_handler,
"ldaps://TestServer.mylab.com:636<https://urldefense.com/v3/__http:/TestServer.mylab.com:636__;!!H3PqUTRkow!5XwTvAdX-76W7PZXtxr1m6uFTwF4LHIFgEqTfLRGdUbgDYOYq3vHb7GrGht4tpLy4utfByKHJVX_EBgymZLFKQ$>");
//server url
if (return_value == LDAP_SUCCESS) {
cout<<"LDAP initialized successfully"; // this is successful
for me
} else {
cout<<"LDAP initialization failed";
}
int return_value = ldap_set_option(*ldap_handler, LDAP_OPT_PROTOCOL_VERSION,
LDAP_VERSION3);
if(return_value == LDAP_SUCCESS) {
cout<<"success"; // this is successful for me
} else {
cout<<"failed";
}
const char * CACERT_FILE_PATH = "certificate/mylab-TESTSERVER-CA.cer";
//certificate path
int return_value1 = ldap_set_option(*ldap_handler, LDAP_OPT_X_TLS_CACERTFILE,
CACERT_FILE_PATH);
if (return_value1 == LDAP_SUCCESS) {
} else {
// its failing here with error -1, and error string "Can't contact to
LDAP server"
}
int return_value = ldap_simple_bind_s(*ldap_handler,
"mylab\administrator", ""pwd@1234");
if (return_value == LDAP_SUCCESS) {
//success
} else {
// its failing here with error -1, and error string "Can't contact to
LDAP server"
}
I have verified the same thing is working when connecting to 389 port.
Could you please suggest how to make this work for secure ldap connection over ssl? Please
provide some examples or references. It will be helpful for me.
Thanks & Regards,
Bandani
3:11 a.m.
New subject: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
Hi Bradley,
Thanks for the input. yes In windows platform it is added to the trusted
root certificate chain list. I have verified from mmc. But still I'm not
able to connect to the server.
Same code I have implemented in Android and iOS platform and getting
the same error as mentioned in the above email.
Kindly suggest any changes required to make it work.
Thanks & Regards,
Bandani Maharana
On Fri, Aug 12, 2022 at 5:46 PM Bradley T Gill <bgill(a)aep.com> wrote:
Have you configured your certificate TrustStore to trust the Chain
that
signed the Certificate on LDAPS?
The trust should be defined the ldap.conf using TLS_CACERT
Bradley Gill
*From:* BANDANI MAHARANA <bandani.maharana(a)gmail.com>
*Sent:* Thursday, August 11, 2022 2:50 PM
*To:* openldap-technical(a)openldap.org
*Subject:* [EXTERNAL] Unable to connect to 636 secure port using LDAP
library
This is an *EXTERNAL* email. *STOP*. *THINK* before you CLICK links or
OPEN attachments. If suspicious please click the '*Report to Incidents*'
button in Outlook or forward to incidents(a)aep.com from a mobile device.
Hi Team,
I am trying to connect to an Active directory server using 636 port for
secure connection. I am using the openldap library to establish the
connection.
Implementation is completed for insecure connection using 389 port. Below
is the code snippet I am using to establish the connection with ldap server
in 636 port.
LDAP * ldap_handler;
int return_value = ldap_initialize(ldap_handler, "ldaps://
TestServer.mylab.com:636
<https://urldefense.com/v3/__http:/TestServer.mylab.com:636__;!!H3PqUTRkow...;);
//server url
if (return_value == LDAP_SUCCESS) {
cout<<"LDAP initialized successfully"; // this is
successful
for me
} else {
cout<<"LDAP initialization failed";
}
int return_value = ldap_set_option(*ldap_handler,
LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION3);
if(return_value == LDAP_SUCCESS) {
cout<<"success"; // this is successful for me
} else {
cout<<"failed";
}
const char * CACERT_FILE_PATH = "certificate/mylab-TESTSERVER-CA.cer";
//certificate path
int return_value1 = ldap_set_option(*ldap_handler,
LDAP_OPT_X_TLS_CACERTFILE, CACERT_FILE_PATH);
if (return_value1 == LDAP_SUCCESS) {
} else {
// its failing here with error -1, and error string "Can't contact to LDAP
server"
}
int return_value = ldap_simple_bind_s(*ldap_handler,
"mylab\administrator", ""pwd@1234");
if (return_value == LDAP_SUCCESS) {
//success
} else {
// its failing here with error -1, and error string "Can't contact to
LDAP server"
}
I have verified the same thing is working when connecting to 389 port.
Could you please suggest how to make this work for secure ldap connection
over ssl? Please provide some examples or references. It will be helpful
for me.
Thanks & Regards,
Bandani
10:39 a.m.
New subject: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
Bandani,
Is the host name your connecting with in the Certificate?
Also, you can try an ldapseach with –ZZ to get some more connection
information.
Thanks,
Bradley Gill
From: BANDANI MAHARANA <bandani.maharana(a)gmail.com>
Sent: Saturday, August 13, 2022 6:11 AM
To: Bradley T Gill <bgill(a)aep.com>
Cc: openldap-technical(a)openldap.org
Subject: Re: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. If
suspicious please click the 'Report to Incidents' button in Outlook or forward to
incidents@aep.com<mailto:incidents@aep.com> from a mobile device.
Hi Bradley,
Thanks for the input. yes In windows platform it is added to the trusted root certificate
chain list. I have verified from mmc. But still I'm not able to connect to the
server.
Same code I have implemented in Android and iOS platform and getting the same error as
mentioned in the above email.
Kindly suggest any changes required to make it work.
Thanks & Regards,
Bandani Maharana
On Fri, Aug 12, 2022 at 5:46 PM Bradley T Gill
<bgill@aep.com<mailto:bgill@aep.com>> wrote:
Have you configured your certificate TrustStore to trust the Chain that signed the
Certificate on LDAPS?
The trust should be defined the ldap.conf using TLS_CACERT
Bradley Gill
From: BANDANI MAHARANA
<bandani.maharana@gmail.com<mailto:bandani.maharana@gmail.com>>
Sent: Thursday, August 11, 2022 2:50 PM
To: openldap-technical@openldap.org<mailto:openldap-technical@openldap.org>
Subject: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. If
suspicious please click the 'Report to Incidents' button in Outlook or forward to
incidents@aep.com<mailto:incidents@aep.com> from a mobile device.
Hi Team,
I am trying to connect to an Active directory server using 636 port for secure connection.
I am using the openldap library to establish the connection.
Implementation is completed for insecure connection using 389 port. Below is the code
snippet I am using to establish the connection with ldap server in 636 port.
LDAP * ldap_handler;
int return_value = ldap_initialize(ldap_handler,
"ldaps://TestServer.mylab.com:636<https://urldefense.com/v3/__http:/TestServer.mylab.com:636__;!!H3PqUTRkow!5XwTvAdX-76W7PZXtxr1m6uFTwF4LHIFgEqTfLRGdUbgDYOYq3vHb7GrGht4tpLy4utfByKHJVX_EBgymZLFKQ$>");
//server url
if (return_value == LDAP_SUCCESS) {
cout<<"LDAP initialized successfully"; // this is successful
for me
} else {
cout<<"LDAP initialization failed";
}
int return_value = ldap_set_option(*ldap_handler, LDAP_OPT_PROTOCOL_VERSION,
LDAP_VERSION3);
if(return_value == LDAP_SUCCESS) {
cout<<"success"; // this is successful for me
} else {
cout<<"failed";
}
const char * CACERT_FILE_PATH = "certificate/mylab-TESTSERVER-CA.cer";
//certificate path
int return_value1 = ldap_set_option(*ldap_handler, LDAP_OPT_X_TLS_CACERTFILE,
CACERT_FILE_PATH);
if (return_value1 == LDAP_SUCCESS) {
} else {
// its failing here with error -1, and error string "Can't contact to
LDAP server"
}
int return_value = ldap_simple_bind_s(*ldap_handler,
"mylab\administrator", ""pwd@1234");
if (return_value == LDAP_SUCCESS) {
//success
} else {
// its failing here with error -1, and error string "Can't contact to
LDAP server"
}
I have verified the same thing is working when connecting to 389 port.
Could you please suggest how to make this work for secure ldap connection over ssl? Please
provide some examples or references. It will be helpful for me.
Thanks & Regards,
Bandani
10:48 a.m.
New subject: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
--On Monday, August 15, 2022 6:39 PM +0000 Bradley T Gill <bgill(a)aep.com>
wrote:
Bandani,
Is the host name your connecting with in the Certificate?
Also, you can try an ldapseach with –ZZ to get some
more connection information.
As an aside, I'd note that the OpenLDAP client code is always an excellent
source of information on how to use libldap to accomplish working client
code.
--Quanah
218
days inactive
222
days old
openldap-technical@openldap.org
4 comments
3 participants
participants (3)
-
BANDANI MAHARANA -
Bradley T Gill -
Quanah Gibson-Mount