LDAP and SSL

[irona20]

Hi!

I'm trying to connect with a LDAP. My code:

Code:

if (ldapssl_client_init(strFile + "\\cert7.db", NULL) < 0)
		{ 
			throw new CLoginException (IDS_LDAP_CONNECTION_ERROR);
			bRetcode = FALSE; 
		}
		// First setup a LDAP connection 
		if ( (ld = ldapssl_init(sHost,nPort,1 )) == NULL ) 
		{ 
			throw new CLoginException (IDS_LDAP_CONNECTION_ERROR);
			bRetcode = FALSE; 
		}

int nRes = ldap_simple_bind_s( ld, "uid=foroadmin,o=FORO,c=es", "foroadmin" );

	if ( nRes != LDAP_SUCCESS ) 
	{ 
		throw new CLoginException (IDS_LDAP_CONNECTION_ERROR);
		bRetcode = FALSE; 
	}

When I try to call ldap_simple_bind_s, I get the error LDAP_SERVER_DOWN = "Can't contact ldap server". How could be the problem?
I have a program called "LDAP browser", and with that program all is fine.
Any ideas?

[irona20]

Any idea?

[Elhadif]

Hi

I'm connection via SSL but uses different approach.

I do:
1) ldap_init (and not ldap_sslinit)
2) ldap_set_option(pLdap, LDAP_OPT_SSL, LDAP_OPT_ON)
3) ldap_simple_bind_s

Works great for me.
Since you have another LDAP client that can connect via SSL I believe you have no probelm with Certificates/

Hope it will work for you.
Elhadif

[irona20]

Thank you very much Elhadif!
But now I get the error LDAP_LOCAL_ERROR
My code:

Code:

LDAP* ld = ldap_init ("scorpions", 636);	
int iRtn;
iRtn = ldap_set_option(ld, LDAP_OPT_SSL, LDAP_OPT_ON);
if ( iRtn != LDAP_SUCCESS )
{
	TRACE ("Error");
}
iRtn = ldap_simple_bind_s(ld,NULL,NULL);
if ( iRtn != LDAP_SUCCESS )
{
	TRACE ("Error");
	const char* error = ldap_err2string (iRtn);
}

And error is "Local error". But my other LDAP client connects fine.

[irona20]

If I execute this code:

Code:

CString sInfo;
SDKVersion = ldap_version( &ver );
if ( ver.security_level != LDAP_SECURITY_NONE ) 
{
   sInfo.Format( "Level of encryption: %d bits\n", ver.security_level );
}
else
{
   sInfo= "SSL not enabled.\n" ;
}

sInfo is "SSL not enabled"... I think that could be the problem, but I don't know how I can enable SSL.

Any ideas? Thank you again.