Question

I am writing a simple LDAP client to connect to an LDAP server over SSL. I am using "openldap-2.4.35".

So far I've tried to do a simple bind without any encryption mechanisms. Here is the code I have tried:

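#define LDAP_DEPRECATED 1   /* needed for ldap_simple_bind_s() */
#include <stdio.h>
#include <ldap.h>

#define HOST "ldap://192.168.1.95:389"
#define BASEDN "cn=manager,dc=ashwin,dc=com"   /* DN used for the bind */

int main(void){
    LDAP *ld;
    int rc;

    /* ldap_initialize() returns an LDAP result code and does not set errno */
    rc = ldap_initialize(&ld, HOST);
    if( rc != LDAP_SUCCESS )
    {
        fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rc) );
        return( 1 );
    }
    printf("LDAP initialized\n");

    /* Plain simple bind: DN and password cross the network unencrypted */
    rc = ldap_simple_bind_s( ld, BASEDN, "secret" );
    if( rc != LDAP_SUCCESS )
    {
        fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc) );
        ldap_unbind_ext_s( ld, NULL, NULL );
        return( 1 );
    }
    printf( "Successful authentication\n" );

    ldap_unbind_ext_s( ld, NULL, NULL );   /* release the session */
    return 0;
}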

This connects to LDAP and binds the user. If the ldap_simple_bind_s is successful then the authentication is successful.

Is there any documentation for building an LDAP client to connect to an LDAP server over SSL and StartTLS?

Solution

There is a detailed example of how to establish an LDAP connection over SSL on MSDN (for a Win32 application):
Example Code for Establishing a Session over SSL

Hope this will be useful.

OTHER TIPS

HOST "ldap://192.168.1.95:389" should be: HOST "ldaps://192.168.1.95:636"

Also, in /etc/openssl/ldap.conf, make sure that your top root certificate is included in the pem file, e.g.:

TLS_CACERT /my/top/root/certs.pem

If you have no TLS_CACERT line, add one and make sure that the pem file is readable:

cat /my/top/root/certs.pem
-----BEGIN CERTIFICATE-----
MII...
....I=
-----END CERTIFICATE-----
Licensed under: CC-BY-SA with attribution