Hello All,
Today I came across a strange problem.
I wrote a program to test ldap ssl/tls connection with OpenLDAP library.
Something like the code snippet as follows:
int ret = LDAP_OPT_SUCCESS;
int cert_flag = LDAP_OPT_X_TLS_NEVER;
...
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &c
On Tue, 28 Feb 2012 16:40:23 -0500, Qiang Xu wrote:
Hello All,
Today I came across a strange problem.
I wrote a program to test ldap ssl/tls connection with OpenLDAP
library. Something like the code snippet as follows:
(...)
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_flag);
Thanks for your reply, Hallvard.
On Tue, Feb 28, 2012 at 6:23 PM, Hallvard B Furuseth <
h.b.furus...@usit.uio.no> wrote:
> Possibly the answer lies in the code you did not show:
> Create an LDAP* (with which url/host?), connect, bind, unbind.
The complete code is quite long. But the essential p
On Tue, 28 Feb 2012 18:46:10 -0500, Qiang Xu wrote:
The complete code is quite long. But the essential parts are here.
After these options are set, it goes with
"ldap_start_tls_s(ldapHandle, NULL, NULL)" and
"ldap_sasl_bind(ldapHandle, username, LDAP_SASL_SIMPLE,
&password_ber,
NULL, NULL, &msg
On Tue, Feb 28, 2012 at 8:25 PM, Hallvard B Furuseth <
h.b.furus...@usit.uio.no> wrote:
> The essential parts here are creating the LDAP* with
> ldap_initialize() or whatever, and ldap_start_tls_s().
>
> Note that ldap_unbind() is misnamed, it should have been
> called ldap_destroy(). It does sen
Guess what? Just picked up a pearl in the sea of internet:
http://www.mailinglistarchive.com/postfix-us...@postfix.org/msg57688.html
Basically, it seems to be a feature introduced since the beginning of
openldap 2.4 version. We need to set LDAP_OPT_X_TLS_REQUIRE_CERT on an ldap
handle (already ini
Qiang Xu wrote:
Guess what? Just picked up a pearl in the sea of internet:
http://www.mailinglistarchive.com/postfix-us...@postfix.org/msg57688.html
Basically, it seems to be a feature introduced since the beginning of openldap
2.4 version. We need to set LDAP_OPT_X_TLS_REQUIRE_CERT on an ldap h
2012/3/1 Michael Ströder
> Could someone of the OpenLDAP core developers please confirm this?
> Especially whether LDAP_OPT_X_TLS_NEWCTX is set to LDAP_OPT_OFF for
> "clients"?
>
At least this is what is mentioned in the man page:
http://linux.die.net/man/3/ldap_set_option
*LDAP_OPT_X_TLS_NEWCT
On Thursday, 01 March 2012, 11:49:22, Michael Ströder wrote:
> Qiang Xu wrote:
> > Guess what? Just picked up a pearl in the sea of internet:
> > http://www.mailinglistarchive.com/postfix-us...@postfix.org/msg57688.html
> >
> > Basically, it seems to be a feature introduced since the beginni