C API LDAP calls over SSL

Has anyone been able to use the C API LDAP functions to connect to an LDAP server over SSL?

I’m trying to update some code I have that currently connects with no encryption to use SSL.

I have tried setting the option LDAP_OPT_SSL to LDAP_OPT_ON then doing an ldap_sasl_bind_s with LDAP_SSL_EXTERNAL as the method, but it will not bind. Doing an LDAP_BIND_S also did not work.

I can use the ldapsearch utility to connect on port 636, so I know the LDAP server is set up correctly and that I have the correct SSL cert in my keyring.

Any help would be greatly appreciated.

Subject: C API LDAP calls over SSL

If all you want to do is open an SSL-encrypted channel to the LDAP server, authenticate with a simple username/password, and perform some other LDAP requests over this encrypted connection, then the following code snippet should serve as a good example (I haven’t compiled it, but it should be pretty close).

#include <ldap.h>

LDAP * ld = NULL;
char * dn = "cn=Mick Baitinger,o=acme";
char * password = "secret";
char * ldapHost = "myhost.acme.com";
int ldapPort = LDAP_SSLPORT_DEFAULT;

/* see ldap.h for other LDAP_SSLPROTOVER_ values */
int sslVersion = LDAP_SSLPROTOVER_NEGOTIATED;

/* see ldap.h for other LDAP_SSLOPTS_ options;
   going by its name, LDAP_SSLOPTS_ACCEPTEXPCERTS accepts expired server
   certificates, so leave it out if expired certificates should be rejected */
unsigned long sslOptions = LDAP_SSLOPTS_SITECERTS | LDAP_SSLOPTS_ACCEPTEXPCERTS;

/* set up the SSL connection; a NULL handle means initialization failed */
if ( (ld = ldap_sslinit( ldapHost, ldapPort, 1, sslOptions, sslVersion )) != NULL )
{
    if ( ldap_bind_s( ld, dn, password, LDAP_AUTH_SIMPLE ) == LDAP_SUCCESS )
    {
        /* perform other desired ldap operations (e.g. ldap_search) using the ld inited above */

        ...
    }

    /* always close an ldap connection when done, also when the bind failed */
    ldap_unbind( ld );
}

...

Subject: RE: C API LDAP calls over SSL

Thanks, but the Domino C API does not have an ldap_sslinit function.

The documentation says to set LDAP_OPT_SSL to use SSL for client connections, but so far I have not been able to get that to work.