c++ - ldap_set_option() is not setting the option "LDAP_OPT_SSL" -


i have windows application trying connect ldap server running on secured port 10636.

here's source:

#include "windows.h" #include "ntldap.h" #include "winldap.h" #include "schnlsp.h" #include "stdio.h" #include "tchar.h" const size_t newsize = 100;  //  entry point application int main(int argc, char* argv[]) {     ldap* pldapconnection = null;     int returncode = 0;      int connectsuccess = 0;     ulong version = ldap_version3;     secpkgcontext_connectioninfo sslinfo;     long lv = 0;      //  initialize ldap session using ssl.     pldapconnection = ldap_sslinit("localhost",10636,1);     if (pldapconnection == null)     {         printf( "ldap_sslinit failed.\n");         return -1;     }      //  specify version 3; default version 2.     printf("setting protocol version 3.\n");     returncode = ldap_set_option(pldapconnection,         ldap_opt_protocol_version,         (void*)&version);     if (returncode != ldap_success)         goto fatalexit;      //  verify ssl enabled on connection.     printf("checking if ssl enabled\n");     returncode = ldap_get_option(pldapconnection,ldap_opt_ssl,(void*)&lv);     if (returncode != ldap_success)         goto fatalexit;      //  if ssl not enabled, enable it.     if ((void*)lv == ldap_opt_on)         printf("ssl enabled\n");     else     {         printf("ssl not enabled.\n ssl being enabled...\n");         returncode = ldap_set_option(pldapconnection,ldap_opt_ssl,ldap_opt_on);         if (returncode != ldap_success)             goto fatalexit;     }      //  connect server.     connectsuccess = ldap_connect(pldapconnection, null);      if(connectsuccess == ldap_success)         printf("ldap_connect succeeded \n");     else     {         printf("ldap_connect failed 0x%x.\n",connectsuccess);         goto fatalexit;     }      //  bind current credentials.      printf("binding ...\n");     returncode = ldap_bind_s(pldapconnection,null,null,ldap_auth_negotiate);     if (returncode != ldap_success)         goto fatalexit;      //  retrieve ssl cipher strength.     printf("getting ssl info\n");     returncode = ldap_get_option(pldapconnection,ldap_opt_ssl_info,&sslinfo);     if (returncode != ldap_success)         goto fatalexit;      printf("ssl cipher strength = %d bits\n",sslinfo.dwcipherstrength);      goto normalexit;      //  perform cleanup. normalexit:     if (pldapconnection != null)         ldap_unbind_s(pldapconnection);     return 0;      //  perform cleanup after error. fatalexit:     if( pldapconnection != null )         ldap_unbind_s(pldapconnection);     printf( "\n\nerror: 0x%x\n", returncode);     return returncode; }

after setting ldap_set_option(pldapconnection,ldap_opt_ssl,ldap_opt_on);, application still not able set option. hence, connection fails return code ldap_server_down.

can point why not able set option? server support ldaps:// connections.

update: when did ldapsearch on ldap server 

ldapsearch -x -h ldaps://localhost -p 10636 -d 1

i got error:

ldap_url_parse_ext(ldaps://localhost:10636) ldap_create ldap_url_parse_ext(ldaps://localhost:10636/??base) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: tcp localhost:10636 ldap_new_socket: 472 ldap_prepare_socket: 472 ldap_connect_to_host: trying ::1 10636 ldap_pvt_connect: fd: 472 tm: -1 async: 0 attempting connect: connect errno: 10061 ldap_close_socket: 472 ldap_new_socket: 472 ldap_prepare_socket: 472 ldap_connect_to_host: trying 127.0.0.1:10636 ldap_pvt_connect: fd: 472 tm: -1 async: 0 attempting connect: connect success tls trace: ssl_connect:before/connect initialization tls trace: ssl_connect:sslv2/v3 write client hello tls trace: ssl_connect:sslv3 read server hello tls certificate verification: depth: 0, err: 18, subject: /c=us/o=asf/ou=apached s/cn=zanzibar, issuer: /c=us/o=asf/ou=apacheds/cn=zanzibar tls certificate verification: error, self signed certificate tls trace: ssl3 alert write:fatal:unknown ca tls trace: ssl_connect:error in sslv3 read server certificate b tls trace: ssl_connect:error in sslv3 read server certificate b tls: can't connect: error:14090086:ssl routines:ssl3_get_server_certificate:cert ificate verify failed (self signed certificate). ldap_err2string ldap_sasl_bind(simple): can't contact ldap server (-1)

however, after adding "tls_reqcert never" ldap.conf started working.

now, how make sample program skip "tls certificate verification"?

try pass following environment variable code:

ldaptls_reqcert=never

to ignore server certificate expired or invalid.


Comments

Post a Comment

Popular posts from this blog

php - cannot display multiple markers in google maps v3 from traceroute result -

i'm newbie in php mysql , google maps v3. have problems in google maps v3. made traceroute web based , map traceroute's result in google maps v3 final project of college education. have try many tutorials didn't work. have tried tutorials in forum nothing worked. problem cannot display multiple markers got location data database. maybe because i'm newbie , not know how do. confuse looping show markers. here code <?php error_reporting(e_all ^ (e_notice)); ini_set('max_execution_time', 360); $enable_log_user = false; global $ip, $host_name, $host_ip; $host = @$_post['host']; $trace = @$_post['trace']; $self = $_server['php_self']; include("phpsqlajax_dbinfo.php"); $connection = mysql_connect ('127.0.0.1', $username, $password); if (!$connection) { die('not connected : ' . mysql_error());} $db_selected = mysql_select_db($database, $connection); if (!$db_selected) { die ('can\'t use db : ...
Read more

c# - DetailsView in ASP.Net - How to add another column on the side/add a control in each row? -

i have detailsview control on page used edit various fields of record, works in respect. i looking way add 1 column (and if works, why not more) right, absolutely read-only, show same fields of record comparison purposes. i aware there no obvious way such thing out of box detailsview . have looked other controls (transposed gridview , recommended formview , listview ), nothing satisfies. have special data binding setup using detailsview , can't out of without losing features. anyone on how "hack in" additional columns (for display only) on detailsview ? the solution have now, use second detailsview , visible set false in aspx. in code, make sure databind hidden detailsview hosts data third column first, initial detailsview named itemdetails . and in item created event, pass third column html rendering of hidden controls (in last code block) : protected void itemdetails_itemcreated(object sender, eventargs e) { if (dataite...
Read more

javascript - firefox memory leak -

i have following script (i use raphaeljs also) draws circle, waits 1 second, draws circle again, etc (you can copy paste - functional, need include raphael raphaeljs.com): <div id="holder"> </div> <script src="raphael.js" type="text/javascript"></script> <script> var paper = raphael(10, 50, 320, 200); var rad = math.pi / 180; var finangle = 0; function sector(cx, cy, r, startangle, endangle, params) { var x1 = cx + r * math.cos(-startangle * rad), x2 = cx + r * math.cos(-endangle * rad), y1 = cy + r * math.sin(-startangle * rad), y2 = cy + r * math.sin(-endangle * rad); return ["m", cx, cy, "l", x1, y1, "a", r, r, 0, +(endangle - startangle > 180), 0, x2, y2]; } var path = sector(100,100,50,0,180); var arc = paper.path(path); function draw() { path = sector(100,100,50,0,finangle); ...
Read more