How to disable certificate validation for LDAP authentication on Windows?


I am writing a sample client (coded in C/C++) for authenticating user via LDAP. The client is developed for both Windows and Linux.

For Linux, I am using OpenLDAP library compiled with --with-tls (OpenSSL). For authenticating user via an encrypted channel I am skipping the server-client certificate validation. To do so, I am setting the ldap option to :

returnCode = ldap_set_option(vLdapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, &option);

if(returnCode != LDAP_OPT_SUCCESS){
    return FALSE;

This will skip the certification validation and will always allow client to authenticate.

However, on Windows I am using wldap.dll for the application. I am not able to figure out how to disable the server-client certificate validation for LDAP over an encrypted connection.

when I run through:

returnCode = ldap_set_option(vLdapConnection, LDAP_OPT_SSL, LDAP_OPT_ON);

the returnCode is always to set to LDAP_SERVER_DOWN = 0x51

How to disable client certificate validation for LDAP with Wldap32.dll on Windows??


Look at Session Options, specifically LDAP_OPT_SERVER_CERTIFICATE. It lets you specify a callback function to validate the server certificate.

Answered By – Sean Hall

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published