
I am writing a sample client (coded in C/C++) for authenticating a user via LDAP. The client is developed for both Windows and Linux.

For Linux, I am using the OpenLDAP library compiled with --with-tls (OpenSSL). To authenticate a user via an encrypted channel, I am skipping the server-client certificate validation. To do so, I am setting the LDAP option to:

/* LDAP_OPT_X_TLS_NEVER: the server certificate is neither requested nor checked */
int option = LDAP_OPT_X_TLS_NEVER;
returnCode = ldap_set_option(vLdapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, &option);

if (returnCode != LDAP_OPT_SUCCESS) {
    return FALSE;
}

This will skip the certificate validation and will always allow the client to authenticate.

However, on Windows I am using wldap.dll for the application. I am not able to figure out how to disable the server-client certificate validation for LDAP over an encrypted connection.

When I run through:

returnCode = ldap_set_option(vLdapConnection, LDAP_OPT_SSL, LDAP_OPT_ON);

the returnCode is always set to LDAP_SERVER_DOWN = 0x51

How to disable client certificate validation for LDAP with Wldap32.dll on Windows?

    
Why? All you're accomplishing with this is lowering the security. If your LDAP server has a CA-signed certificate none of this should be necessary. If you don't want it secure why use SSL at all? –  EJP Jun 5 '13 at 23:51
    
This is just for an early testing purpose. We do not have any CA-signed certificates to test at this moment. –  Ashwin kumar Jun 6 '13 at 5:36
    
I suggest you skip it. Making it work the wrong way is of no interest. Use plaintext until you get a certificate. –  EJP Jun 6 '13 at 10:18

1 Answer

1 vote, accepted

Look at Session Options, specifically LDAP_OPT_SERVER_CERTIFICATE. It lets you specify a callback function to validate the server certificate.
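
The callback this answer points to, shown as an added example (not part of the answer and not Microsoft's sample code): for a test server with a self-signed certificate, it accepts only that one certificate, compared byte for byte with a pinned DER copy, instead of accepting whatever the server presents. The names cert_matches_pin, verify_server_cert, install_cert_pin and the g_pinned_* globals are assumptions; the Windows section builds only on Windows and links against Wldap32.lib and Crypt32.lib.

```c
#include <stddef.h>
#include <string.h>

/* Portable core: the presented DER certificate must equal the pinned copy exactly. */
int cert_matches_pin(const unsigned char *der, size_t der_len,
                     const unsigned char *pin, size_t pin_len)
{
    if (der == NULL || pin == NULL || pin_len == 0 || der_len != pin_len)
        return 0;
    return memcmp(der, pin, pin_len) == 0;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#include <winldap.h>

/* Assumption: set once from the test server's exported DER (.cer) certificate. */
static const unsigned char *g_pinned_der;
static size_t g_pinned_len;

/* VERIFYSERVERCERT callback: Wldap32 actually passes a PCCERT_CONTEXT* here. */
static BOOLEAN _cdecl verify_server_cert(PLDAP conn, PCCERT_CONTEXT *ppServerCert)
{
    BOOLEAN ok = FALSE;
    (void)conn;
    if (ppServerCert != NULL && *ppServerCert != NULL) {
        ok = cert_matches_pin((*ppServerCert)->pbCertEncoded,
                              (*ppServerCert)->cbCertEncoded,
                              g_pinned_der, g_pinned_len) ? TRUE : FALSE;
        CertFreeCertificateContext(*ppServerCert); /* callback owns the context */
    }
    return ok; /* FALSE: the secure connection is torn down */
}

/* Register the callback on the session handle before connecting or binding. */
ULONG install_cert_pin(LDAP *ld, const unsigned char *der, size_t len)
{
    g_pinned_der = der;
    g_pinned_len = len;
    return ldap_set_option(ld, LDAP_OPT_SERVER_CERTIFICATE,
                           (void *)&verify_server_cert);
}
#endif
```

Once a CA-signed certificate is available, the callback can be dropped so that the default chain validation applies again.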
