Issue
I am writing a sample client (coded in C/C++) for authenticating a user via LDAP. The client is developed for both Windows and Linux.
For Linux, I am using the OpenLDAP library compiled with --with-tls (OpenSSL). For authenticating the user via an encrypted channel I am skipping the server-client certificate validation. To do so, I am setting the LDAP option to:
/* LDAP_OPT_X_TLS_NEVER: do not request or check the server certificate */
option = LDAP_OPT_X_TLS_NEVER;
returnCode = ldap_set_option(vLdapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, &option);
if (returnCode != LDAP_OPT_SUCCESS) {
    return FALSE;
}
This will skip the certificate validation and will always allow the client to authenticate.
However, on Windows I am using wldap.dll for the application. I am not able to figure out how to disable the server-client certificate validation for LDAP over an encrypted connection.
When I run through:
returnCode = ldap_set_option(vLdapConnection, LDAP_OPT_SSL, LDAP_OPT_ON);
the returnCode is always set to LDAP_SERVER_DOWN = 0x51.
How do I disable client certificate validation for LDAP with Wldap32.dll on Windows?
Solution
Look at Session Options, specifically LDAP_OPT_SERVER_CERTIFICATE. It lets you specify a callback function to validate the server certificate.
Answered By – Sean Hall
This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0
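An added example (not part of the original answer) of a callback registered through LDAP_OPT_SERVER_CERTIFICATE: rather than accepting every certificate, it accepts only the server certificate whose DER encoding matches a pinned copy, which also works for a self-signed directory server. The names set_pinned_cert, verify_server_cert, use_pinned_cert, g_pin_der and g_pin_len are hypothetical, and the non-Windows branch holds constructed stand-in types so the pin check can be built and tested elsewhere.

```c
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <winldap.h>                 /* link with Wldap32.lib and Crypt32.lib */
#else
/* Constructed stand-ins so the pin check builds off Windows; not the SDK types. */
typedef unsigned char BOOLEAN, BYTE;
typedef unsigned long DWORD;
typedef struct { BYTE *pbCertEncoded; DWORD cbCertEncoded; } CERT_CONTEXT;
typedef const CERT_CONTEXT *PCCERT_CONTEXT;
typedef void *PLDAP;
#define TRUE 1
#define FALSE 0
#define _cdecl
static void CertFreeCertificateContext(PCCERT_CONTEXT c) { (void)c; }
#endif

/* Hypothetical names: DER bytes of the one certificate the client accepts. */
static const BYTE *g_pin_der;
static DWORD g_pin_len;

void set_pinned_cert(const BYTE *der, DWORD len) { g_pin_der = der; g_pin_len = len; }

/* VERIFYSERVERCERT-shaped callback: TRUE continues the handshake, FALSE aborts. */
BOOLEAN _cdecl verify_server_cert(PLDAP conn, PCCERT_CONTEXT *ppServerCert)
{
    BOOLEAN ok = FALSE;
    (void)conn;
    if (ppServerCert == NULL || *ppServerCert == NULL)
        return FALSE;                               /* nothing presented: reject */
    if (g_pin_der != NULL && (*ppServerCert)->cbCertEncoded == g_pin_len &&
        memcmp((*ppServerCert)->pbCertEncoded, g_pin_der, g_pin_len) == 0)
        ok = TRUE;                                  /* exact match with the pin */
    CertFreeCertificateContext(*ppServerCert);      /* callback owns the context */
    return ok;
}

#ifdef _WIN32
/* Call on the handle from ldap_sslinit(), before ldap_connect() or a bind. */
ULONG use_pinned_cert(LDAP *ld)
{
    return ldap_set_option(ld, LDAP_OPT_SERVER_CERTIFICATE,
                           (void *)&verify_server_cert);
}
#endif
```

The pinned DER bytes would normally be loaded from a file shipped with the client; when the server certificate is renewed, the pin has to be updated with it.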