Re: Using TLS connecting to an AD server. openldap2.4.42

2017-09-11 Thread Don jessup
Thanks, that helps; it's now working. Don. On Sunday, September 10, 2017, 2:51:15 PM MDT, Quanah Gibson-Mount wrote: --On Sunday, September 10, 2017 2:25 PM +0200 Michael Ströder wrote: > I thought you have to set LDAP_OPT_X_TLS_NEWCTX to 0

Re: Using TLS connecting to an AD server. openldap2.4.42

2017-09-10 Thread Quanah Gibson-Mount
--On Sunday, September 10, 2017 2:25 PM +0200 Michael Ströder wrote: I thought you have to set LDAP_OPT_X_TLS_NEWCTX to 0 *after* setting all TLS-related options to let libldap reinitialize the client's SSL context. Doesn't that work as expected? Well, my point was, he's

Re: Using TLS connecting to an AD server. openldap2.4.42

2017-09-10 Thread Michael Ströder
Quanah Gibson-Mount wrote: --On Friday, September 08, 2017 6:48 PM + Don jessup wrote: int reqcert = LDAP_OPT_X_TLS_NEVER; ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert); Is there a way to make this work programmatically without using the ldap.conf? Yes. The

Re: Using TLS connecting to an AD server. openldap2.4.42

2017-09-09 Thread Quanah Gibson-Mount
--On Friday, September 08, 2017 6:48 PM + Don jessup wrote: int reqcert = LDAP_OPT_X_TLS_NEVER; ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert); Is there a way to make this work programmatically without using the ldap.conf? Yes. The problem is the TLS options

RE: Using TLS

2017-07-07 Thread Quanah Gibson-Mount
--On Friday, July 07, 2017 4:29 PM + Daniel Le wrote: Right, ldap_set_option doesn't take string input argument. I implied an integer value such as LDAP_OPT_X_TLS_NEVER, LDAP_OPT_X_TLS_ALLOW, etc. I have no doubt it works nicely in your case. Just trying to understand

RE: Using TLS

2017-07-07 Thread Daniel Le
Gibson-Mount [mailto:qua...@symas.com] Sent: Friday, July 07, 2017 11:20 AM To: Daniel Le <daniel...@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org> Subject: RE: Using TLS --On Friday, July 07, 2017 4:05 PM + Daniel Le <daniel...@exfo.com> wrote:

RE: Using TLS

2017-07-07 Thread Quanah Gibson-Mount
--On Friday, July 07, 2017 4:05 PM + Daniel Le wrote: Hi Quanah, I tried ldap_int_tls_config for RE24 in my app program as shown below and it didn't work. Interesting. ;/ I wonder if there's something more in what you're doing outside of that code snippet that's

RE: Using TLS

2017-07-07 Thread Daniel Le
VL, g_eldap_log_id, "LDAP global context reinitialized\n"); } } Daniel -Original Message- From: Quanah Gibson-Mount [mailto:qua...@symas.com] Sent: Monday, June 26, 2017 12:36 PM To: Daniel Le <daniel...@exfo.com>; 'openldap-technical@openldap.org' <openldap-techni

RE: Using TLS

2017-06-26 Thread Quanah Gibson-Mount
--On Monday, June 26, 2017 4:59 PM + Daniel Le wrote: int opt; opt = LDAP_OPT_X_TLS_NEVER; ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt); -And- int new_ctx = 0; ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &new_ctx); Hi Daniel, This case is specifically tested in

RE: Using TLS

2017-06-26 Thread Daniel Le
com] Sent: Friday, June 23, 2017 5:54 PM To: Daniel Le <daniel...@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org> Subject: RE: Using TLS --On Friday, June 23, 2017 10:31 PM + Daniel Le <daniel...@exfo.com> wrote: > Thanks Quanah. > > Usi

RE: Using TLS

2017-06-23 Thread Quanah Gibson-Mount
--On Friday, June 23, 2017 10:31 PM + Daniel Le wrote: Thanks Quanah. Using OpenLDAP API, is it correct to set client TLS option to -not- validate server certificates as follows? int opt; opt = LDAP_OPT_X_TLS_NEVER; rc = ldap_set_option(NULL,

RE: Using TLS

2017-06-23 Thread Daniel Le
...@symas.com] Sent: Friday, June 23, 2017 5:13 PM To: Daniel Le <daniel...@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org> Subject: RE: Using TLS --On Friday, June 23, 2017 10:08 PM + Daniel Le <daniel...@exfo.com> wrote: > Hi Quanah, &

RE: Using TLS

2017-06-23 Thread Quanah Gibson-Mount
--On Friday, June 23, 2017 10:08 PM + Daniel Le wrote: Hi Quanah, No, I'm fairly new to OpenLDAP and wasn't aware of such global context requirement. Does that only apply to client TLS options? Is global option set by passing a NULL LDAP handle? I found ITS#8573

RE: Using TLS

2017-06-23 Thread Daniel Le
<daniel...@exfo.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org> Subject: RE: Using TLS Hi Daniel, You are aware that you must use the global context when changing the TLS options for a client, correct? It does not work on the specific filehandle.

RE: Using TLS

2017-06-23 Thread Quanah Gibson-Mount
Daniel -Original Message- From: Daniel Le Sent: Monday, June 19, 2017 3:58 PM To: 'Paulm' <pa...@tetrardus.net> Cc: openldap-technical@openldap.org Subject: RE: Using TLS I rebuilt with libssl (an OpenSSL library which supports SSL and TLS) and that worked. Thanks. However, I got into the c

RE: Using TLS

2017-06-23 Thread Daniel Le
To: 'Paulm' <pa...@tetrardus.net> Cc: openldap-technical@openldap.org Subject: RE: Using TLS I rebuilt with libssl (an OpenSSL library which supports SSL and TLS) and that worked. Thanks. However, I got into the connect error "14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifi

RE: Using TLS

2017-06-20 Thread Daniel Le
I rebuilt with libssl (an OpenSSL library which supports SSL and TLS) and that worked. Thanks. However, I got into the connect error "14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate)", even though the LDAP_OPT_X_TLS_REQUIRE_CERT option is

Re: Using TLS

2017-06-19 Thread Paulm
On Fri, Jun 16, 2017 at 03:26:20PM +, Daniel Le wrote: >Hi, > > >I'm seeing some critical error which causes the application program to >exit/terminate when ldap_start_tls_s(LDAP-handle, NULL, NULL) is >called. Tracing the code execution, ldap_start_tls_s => >

Re: Using TLS not seeing EXTERNAL as supported SASL mechanism

2016-02-10 Thread Bill MacAllister
--On Tuesday, February 09, 2016 02:15:25 PM +0100 Michael Ströder wrote: Bill MacAllister wrote: I am working on using TLS on an OpenLDAP server and having issues. Basically I can make a TLS connection, but I don't see EXTERNAL as one of the supportedSASLMechanisms.

Re: Using TLS not seeing EXTERNAL as supported SASL mechanism

2016-02-09 Thread Michael Ströder
Bill MacAllister wrote: > I am working on using TLS on an OpenLDAP server and having issues. > Basically I can make a TLS connection, but I don't see EXTERNAL as > one of the supportedSASLMechanisms. (slapd 2.4.41+dfsg-1ubuntu2~dbp0 > built with openssl) You have to use TLS client certificate.