Hi Bradley,

Thanks for the input. Yes, on the Windows platform it is added to the trusted root certificate chain list. I have verified this from mmc. But I'm still not able to connect to the server. I have implemented the same code on the Android and iOS platforms and am getting the same error as mentioned in the email above. Kindly suggest any changes required to make it work.

Thanks & Regards,
Bandani Maharana

On Fri, Aug 12, 2022 at 5:46 PM Bradley T Gill <[email protected]> wrote:

> Have you configured your certificate TrustStore to trust the chain that
> signed the certificate on LDAPS?
>
> The trust should be defined in the ldap.conf using TLS_CACERT
>
> Bradley Gill
>
> *From:* BANDANI MAHARANA <[email protected]>
> *Sent:* Thursday, August 11, 2022 2:50 PM
> *To:* [email protected]
> *Subject:* [EXTERNAL] Unable to connect to 636 secure port using LDAP
> library
>
> Hi Team,
> I am trying to connect to an Active Directory server using port 636 for a
> secure connection. I am using the openldap library to establish the
> connection.
>
> Implementation is completed for an insecure connection using port 389. Below
> is the code snippet I am using to establish the connection with the ldap server
> on port 636.
>
> #define LDAP_DEPRECATED 1   // ldap.h declares ldap_simple_bind_s only with this set
> #include <ldap.h>
> #include <iostream>
> using namespace std;
>
> LDAP *ldap_handler = NULL;
>
> // ldap_initialize takes the address of the handle
> int return_value = ldap_initialize(&ldap_handler, "ldaps://TestServer.mylab.com:636"); // server url
> if (return_value == LDAP_SUCCESS) {
>     cout << "LDAP initialized successfully"; // this is successful for me
> } else {
>     cout << "LDAP initialization failed";
> }
>
> int version = LDAP_VERSION3; // ldap_set_option expects a pointer to the value
> return_value = ldap_set_option(ldap_handler, LDAP_OPT_PROTOCOL_VERSION, &version);
> if (return_value == LDAP_SUCCESS) {
>     cout << "success"; // this is successful for me
> } else {
>     cout << "failed";
> }
>
> const char *CACERT_FILE_PATH = "certificate/mylab-TESTSERVER-CA.cer"; // certificate path
> int return_value1 = ldap_set_option(ldap_handler, LDAP_OPT_X_TLS_CACERTFILE, CACERT_FILE_PATH);
> if (return_value1 == LDAP_SUCCESS) {
> } else {
>     // it's failing here with error -1, and error string "Can't contact to LDAP server"
> }
>
> // the backslash in the bind name must be escaped in a C string literal
> return_value = ldap_simple_bind_s(ldap_handler, "mylab\\administrator", "pwd@1234");
> if (return_value == LDAP_SUCCESS) {
>     // success
> } else {
>     // it's failing here with error -1, and error string "Can't contact to LDAP server"
> }
>
> I have verified the same thing is working when connecting to port 389.
> Could you please suggest how to make this work for a secure ldap connection
> over ssl? Please provide some examples or references. It will be helpful
> for me.
>
> Thanks & Regards,
> Bandani
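
An added pre-flight check, not code from this thread or from the OpenLDAP project: OpenLDAP reads the file named by `LDAP_OPT_X_TLS_CACERTFILE` (or `TLS_CACERT` in ldap.conf) as PEM, while a `.cer` exported on Windows is commonly DER, and a relative path such as the one above only resolves from the process's working directory. The thread does not say which encoding the file uses; `ca_file_format` and `write_sample` are hypothetical helper names and the sample bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Encoding of a CA file destined for LDAP_OPT_X_TLS_CACERTFILE / TLS_CACERT. */
enum ca_format { CA_UNREADABLE, CA_PEM, CA_DER, CA_UNKNOWN };

/* Hypothetical helper: classify a CA file by inspecting its first 4 KiB. */
enum ca_format ca_file_format(const char *path)
{
    unsigned char buf[4097];
    FILE *fp = fopen(path, "rb");  /* a relative path resolves against the cwd */
    if (fp == NULL)
        return CA_UNREADABLE;
    size_t n = fread(buf, 1, sizeof buf - 1, fp);
    fclose(fp);
    buf[n] = '\0';
    /* DER starts with an ASN.1 SEQUENCE tag (0x30) and a long-form length. */
    if (n >= 2 && buf[0] == 0x30 && buf[1] >= 0x81 && buf[1] <= 0x84)
        return CA_DER;
    /* PEM is text; free-form comments may precede the armor line. */
    if (strstr((const char *)buf, "-----BEGIN CERTIFICATE-----") != NULL)
        return CA_PEM;
    return CA_UNKNOWN;
}

/* Write a constructed sample so the check can be exercised offline. */
int write_sample(const char *path, const void *data, size_t len)
{
    FILE *fp = fopen(path, "wb");
    if (fp == NULL)
        return -1;
    size_t written = fwrite(data, 1, len, fp);
    fclose(fp);
    return written == len ? 0 : -1;
}

int main(void)
{
    static const char *label[] = { "unreadable", "PEM", "DER", "unknown" };
    /* Constructed samples: header bytes only, not real certificates. */
    const char pem[] = "subject=CA\n-----BEGIN CERTIFICATE-----\n";
    write_sample("sample-der.cer", "\x30\x82\x03\x4f\x30\x82", 6);
    write_sample("sample-pem.cer", pem, strlen(pem));
    const char *paths[] = { "sample-der.cer", "sample-pem.cer", "no-such-file.cer" };
    for (int i = 0; i < 3; i++)
        printf("%-18s %s\n", paths[i], label[ca_file_format(paths[i])]);
    return 0;
}
```

A DER result means the file has to be converted before libldap can use it, for example with `openssl x509 -inform DER -in <ca>.cer -out <ca>.pem`.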
