Hi,

I am using ldap_c_sdk version 6.02 and I am trying to connect to an OpenLDAP
server with the StartTLS option. The problem is that when I run the program (see
the source code at the end of the mail) I get the following output:
 > ldap_init( 10.3.0.226, 389 ) done.
 > ldap_start_tls_s done.
 > ldap_bind_s( ld, cn=Manager,dc=example,dc=com, secret, 
LDAP_AUTH_SIMPLE ) done. resultcode = 81 nldap_bind_s failed.

In my opinion the problem is with the certificate. I think it is a little bit
pedestrian to use an extra certificate database only to hold one certificate,
but I did not find another method.
To create the database I used the following commands:
 > create db:
 > certutil -N -d . # enter password
 > certutil -A -n "10.3.0.226" -t "P,p,p" -i cacert.pem -d .
I have attached the certificate to the mail so you can check whether everything
is OK with it; I think it is, because the same certificate works with the
OpenLDAP ldapsearch tool.
So I have no idea how to proceed. I would be grateful for links to relevant
documents, or a tip on what could be failing in the authentication process
(result code 81 is returned by the bind, right after StartTLS reports success).

Thank you
    christian




certutil -L -n "10.3.0.226" -d .
output:
//------------------------------------------------------------------------------
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             00:e1:62:2f:2c:66:16:8e:7c
         Signature Algorithm: PKCS #1 MD5 With RSA Encryption
         Issuer: "CN=10.3.0.226,C=DE,OU=dev"
         Validity:
             Not Before: Mon Dec 10 07:20:47 2007
             Not After : Thu Dec 07 07:20:47 2017
         Subject: "CN=10.3.0.226,C=DE,OU=dev"
         Subject Public Key Info:
             Public Key Algorithm: PKCS #1 RSA Encryption
             RSA Public Key:
                 Modulus:
                     a6:cf:a9:6d:39:51:30:8c:09:0d:75:9b:c4:3d:ce:60:
                     a1:28:bc:2d:4f:a8:5c:3a:3d:e7:b8:ae:31:5a:78:6d:
                     3c:cf:03:5b:58:0e:f7:28:cc:3a:0b:b2:8e:7c:a4:9d:
                     b8:f2:a1:6c:c7:d0:2a:b0:9f:9b:38:a0:cb:e6:bd:ec:
                     4f:63:78:40:40:f0:72:55:b1:08:6a:42:73:d2:4c:4d:
                     9e:6b:e1:0a:92:55:dc:c5:07:a6:62:5f:5e:68:fb:79:
                     76:4f:8d:50:10:15:52:73:39:94:70:3b:c2:f0:9f:32:
                     95:c2:fb:a7:31:68:36:a2:74:ea:2e:4e:98:1f:d0:f3
                 Exponent: 65537 (0x10001)
         Signed Extensions:
             Name: Certificate Basic Constraints
             Data: Is a CA with no maximum path length.

             Name: Certificate Subject Key ID
             Data:
                 3a:e4:40:1c:41:3f:35:3d:02:fb:ef:cd:85:f0:3f:8e:
                 08:4b:0c:05

             Name: Certificate Authority Key Identifier
             Error: KeyID OR (Issuer AND Serial) must be present, not both.
             Key ID:
                 3a:e4:40:1c:41:3f:35:3d:02:fb:ef:cd:85:f0:3f:8e:
                 08:4b:0c:05
             Issuer:
                 Directory Name: "CN=10.3.0.226,C=DE,OU=dev"
             Serial Number:
                 00:e1:62:2f:2c:66:16:8e:7c

     Signature Algorithm: PKCS #1 MD5 With RSA Encryption
     Signature:
         93:38:53:05:25:10:07:e1:33:d4:1f:59:7e:a1:74:4a:
         c5:0b:b7:b1:72:e5:96:67:d2:33:5a:26:af:f9:30:64:
         46:ea:e5:c6:4d:3d:6b:35:ed:13:fe:d8:ae:e6:1c:d3:
         b3:0b:76:45:ee:f3:b8:07:e0:7a:18:68:7e:f5:f2:6e:
         28:54:89:68:88:e2:a2:92:60:7e:16:e8:18:62:0c:05:
         c7:85:69:bc:9b:cc:68:68:f0:a3:ae:7d:2a:88:f8:ba:
         64:ca:44:00:70:14:76:d9:42:76:26:b3:df:39:77:c0:
         4c:f0:2a:4c:a5:7a:14:23:c2:4c:34:2e:cf:f9:9e:63
     Fingerprint (MD5):
         F4:03:47:05:97:79:2F:AF:B0:08:0D:AF:62:C9:BE:74
     Fingerprint (SHA1):
         46:6B:A9:C3:A5:84:A0:83:9C:6C:F8:DE:23:05:2A:5E:AD:08:99:6D

     Certificate Trust Flags:
         SSL Flags:
             Valid Peer
             Trusted
         Email Flags:
             Valid Peer
         Object Signing Flags:
             Valid Peer
//------------------------------------------------------------------------------



program source code:
//------------------------------------------------------------------------------
#include <stdio.h>
#include "ldap/ldap.h"
#include "ldap/ldap_ssl.h"

#define MYLDAP_HOSTNAME "10.3.0.226"
#define MYLDAP_PORT     389
#define MYBIND_DN       "cn=Manager,dc=example,dc=com"
#define MYBIND_PW       "secret"

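/*
 * Connect to the LDAP server, upgrade the connection with StartTLS and
 * then perform a simple bind as MYBIND_DN.
 *
 * Changes against the original: every SDK call is checked (the original
 * ignored the return values of ldapssl_client_init() and ldap_set_option()),
 * the LDAP handle is released on every error path, the bind password is no
 * longer echoed to stdout, and the broken "%d n" format string (missing
 * backslash -- it produced "81 nldap_bind_s failed.") is fixed.
 *
 * The simple bind sends the password in the clear inside the LDAP PDU, so it
 * is attempted only after ldap_start_tls_s() has succeeded; on any failure
 * before that point the credential never leaves the process.
 *
 * Returns 0 on success, -1 on any failure (the original exit convention).
 */
int
main(int argc, char **argv)
{
        LDAP *ld = NULL;
        int ldap_version = LDAP_VERSION3;
        int resultcode;

        (void)argc;
        (void)argv;

        /*
         * Load the NSS certificate database holding the CA that the server's
         * certificate must chain to. A failure here would otherwise surface
         * later as an obscure StartTLS or bind error.
         * NOTE(review): the CA certificate was imported with peer trust
         * ("P,p,p", certutil -A above) although it is a CA certificate
         * (Basic Constraints: "Is a CA"). For chain validation of a server
         * certificate issued by that CA, NSS normally needs CA trust ("C,,")
         * on the issuer -- confirm the trust flags with certutil -L.
         */
        if (ldapssl_client_init("/cert/cert8.db", NULL) != 0) {
                fprintf(stderr, "ldapssl_client_init( /cert/cert8.db ) failed.\n");
                return (-1);
        }

        ld = ldap_init(MYLDAP_HOSTNAME, MYLDAP_PORT);
        if (ld == NULL) {
                printf("ldap_init( %s, %d ) failed. \n",
                       MYLDAP_HOSTNAME, MYLDAP_PORT);
                return (-1);
        }
        printf("ldap_init( %s, %d ) done. \n", MYLDAP_HOSTNAME, MYLDAP_PORT);

        /* StartTLS is an LDAPv3 extended operation; a v2 handle cannot use it. */
        resultcode = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
        if (resultcode != LDAP_SUCCESS) {
                fprintf(stderr,
                        "ldap_set_option( LDAP_OPT_PROTOCOL_VERSION ) failed: %s (%d)\n",
                        ldap_err2string(resultcode), resultcode);
                ldap_unbind(ld);
                return (-1);
        }

        resultcode = ldap_start_tls_s(ld, NULL, NULL);
        if (resultcode != LDAP_SUCCESS) {
                fprintf(stderr, "ldap_start_tls_s failed: %s (%d)\n",
                        ldap_err2string(resultcode), resultcode);
                ldap_unbind(ld);
                return (-1);
        }
        printf("ldap_start_tls_s done. \n");

        /*
         * Simple bind over the now TLS-protected session. Only the DN is
         * logged: the password is a secret and must not end up in stdout,
         * mail archives or log files.
         */
        resultcode = ldap_simple_bind_s(ld, MYBIND_DN, MYBIND_PW);
        printf("ldap_simple_bind_s( ld, %s, <password> ) done. resultcode = %d\n",
               MYBIND_DN, resultcode);
        if (resultcode != LDAP_SUCCESS) {
                /* ldap_err2string() turns e.g. 81 into "Can't contact LDAP server". */
                fprintf(stderr, "ldap_bind_s failed: %s (%d)\n",
                        ldap_err2string(resultcode), resultcode);
                ldap_unbind(ld);
                return (-1);
        }
        printf("ldap_bind_s done. \n");

        ldap_unbind(ld);
        return (0);
}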
//------------------------------------------------------------------------------