|
| ldap_sslinit fails on Windows XP, eDir version 8.7.1 |
 |
Wed, 27 Apr 2005 10:43:54 GMT |
Hi
I am running eDirectory version 8.7.1 on Windows 2000 Server.
I am able to successfully connect to LDAP server over SSL from Windows
2000 Professional box.
But the same code fails on Windows XP Professional client box.
Below is the line of code that fails
ldap_sslinit(HostName, PortNumber, 1);
ldap_connect(pld, nil); //returns the error message as 'Server Down'
// if the above succeeds I bind using the below function
// ldap_bind_s(pld, dn, password, LDAP_AUTH_SIMPLE);
I am using wldap32.dll library wrapped through Delphi client code (Open
source jedi.org, WinLdap.pas).
I have also set the 'LDAP client/server signing requirements' options
to 'None' in XP Local Security Settings, but it did not make any
difference.
Is there anything I am missing? Appreciate your response on this. Thanks
for your support.
Regards,
-Kiran.
|
|
| Re: ldap_sslinit fails on Windows XP, eDir version 8.7.1 |
 |
Wed, 27 Apr 2005 20:34:08 GMT |
Hi,
Looking at
http://msdn.microsoft.com/library/en-us/ldap/ldap/example_code_for_establishing_a_session_over_ssl.asp?frame=true
it looks like the winLdap sdk uses Schannel. Do you have an event log error
for system/Schannel when you attempt to connect? If so, what is it? Did
you introduce the trusted root certificate into the Windows trusted root
store? Are you using the server name (not ip address)? Does ldp.exe to
port 636 work ok?
Thank you
Susan
|
|
| Re: ldap_sslinit fails on Windows XP, eDir version 8.7.1 |
 |
Thu, 28 Apr 2005 09:00:32 GMT |
Hi,
"Susan Perrin" <devsup @novell.com> wrote in
news:4HSbe.1114$0Q4.268@prv-forum2.provo.novell.com:
> Hi,
>
> Looking at
> http://msdn.microsoft.com/library/en-us/ldap/ldap/example_code_for_establishing_a_session_over_ssl.asp?frame=true
> it looks like the winLdap sdk
> uses Schannel. Do you have an event log error for system/Schannel when
> you attempt to connect? If so, what is it? Did you introduce the
> trusted root certificate into the Windows trusted root store? Are you
> using the server name (not ip address)? Does ldp.exe to port 636 work
> ok?
Please check also if you have the WinXP firewall activated - it closes
everything; and you should disable that...
Guenter.
|
|
| Re: ldap_sslinit fails on Windows XP, eDir version 8.7.1 |
 |
Thu, 28 Apr 2005 09:33:15 GMT |
Kiran,
See the link provided by Susan, and add those ldap_get_option/ldap_set_option
calls to your code. LDAP_OPT_SSL has a different default value on Win2k and XP
as I recall, and LDAPV3 is needed too.
We also used the LDAP_OPT_SERVER_CERTIFICATE option to examine the certificate
and allow/deny the connection on the fly, without messing with the local
trusted root store.
HTH,
Gyorgy
pkiran27 wrote:
> Hi
>
> I am running eDirectory version 8.7.1 on Windows 2000 Server.
> I am able to successfully connect to LDAP server over SSL from Windows
> 2000 Professional box.
> But the same code fails on Windows XP Professional client box.
> Below is the line of code that fails
> ldap_sslinit(HostName, PortNumber, 1);
> ldap_connect(pld, nil); //returns the error message as 'Server Down'
>
> // if the above succeeds I bind using the below function
> // ldap_bind_s(pld, dn, password, LDAP_AUTH_SIMPLE);
>
> I am using wldap32.dll library wrapped through Delphi client code (Open
> source jedi.org, WinLdap.pas).
>
> I have also set the 'LDAP client/server signing requirements' options
> to 'None' in XP Local Security Settings, but it did not make any
> difference.
> Is there anything I am missing? Appreciate your response on this. Thanks
> for your support.
> Regards,
> -Kiran.
>
>
|
|
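The option calls described in the reply above, written out as an added Delphi example that is not part of any post in this thread. It assumes the JEDI WinLdap.pas unit declares ldap_set_option, ldap_get_option, ldap_err2string, ldap_unbind_s and the LDAP_OPT_* / LDAP_VERSION3 / LDAP_SUCCESS constants as the C winldap.h header does; `OpenLdaps`, `Check` and the host name are hypothetical.

```delphi
program LdapsConnect;
{$APPTYPE CONSOLE}

uses
  SysUtils, Windows, Winldap; // Winldap: the JEDI WinLdap.pas translation (assumed)

// Raise with the wldap32 error text when a call does not return LDAP_SUCCESS.
procedure Check(rc: ULONG; const Step: string);
begin
  if rc <> LDAP_SUCCESS then
    raise Exception.Create(Step + ' failed: ' + ldap_err2string(rc));
end;

// Returns a connected LDAPS handle; the caller binds and later unbinds it.
function OpenLdaps(Host: PChar; Port: ULONG): PLDAP;
var
  Version, SslState: ULONG;
begin
  Result := ldap_sslinit(Host, Port, 1); // 1 = secure session
  if Result = nil then
    raise Exception.Create('ldap_sslinit returned nil');
  try
    // Request LDAPv3 explicitly rather than relying on the client default.
    Version := LDAP_VERSION3;
    Check(ldap_set_option(Result, LDAP_OPT_PROTOCOL_VERSION, @Version), 'set LDAPv3');
    // Read LDAP_OPT_SSL and switch it on if this Windows version left it off.
    SslState := 0;
    Check(ldap_get_option(Result, LDAP_OPT_SSL, @SslState), 'get LDAP_OPT_SSL');
    if SslState = 0 then
      Check(ldap_set_option(Result, LDAP_OPT_SSL, LDAP_OPT_ON), 'set LDAP_OPT_SSL');
    // The TLS handshake and server certificate validation run here.
    Check(ldap_connect(Result, nil), 'ldap_connect');
  except
    ldap_unbind_s(Result); // release the handle on any failure
    raise;
  end;
end;

var
  ld: PLDAP;
begin
  try
    ld := OpenLdaps('edir.example.com', 636); // placeholder host name
    Writeln('LDAPS session established');
    ldap_unbind_s(ld);
  except
    on E: Exception do
      Writeln(E.Message);
  end;
end.
```

These options do not change certificate trust: with the issuing CA missing from the client's trusted root store, ldap_connect still fails, which is the case the Schannel log later in the thread records.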
| Re: ldap_sslinit fails on Windows XP, eDir version 8.7.1 |
 |
Thu, 28 Apr 2005 11:01:20 GMT |
Thanks for your response Susan.
I was able to get it working. You were right, I had to set up the trusted
root certificate on XP. I followed the instructions at the Microsoft site:
http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/sag_CMprocsImport.asp
I am using IP address to connect. Below is the SChannel log for your
reference.
"The certificate received from the remote server was issued by an
untrusted certificate authority. Because of this, none of the data
contained in the certificate can be validated. The SSL connection request
has failed. The attached data contains the server certificate."
Thanks again !
Regards,
-Kiran.
Susan Perrin wrote:
> Hi,
> Looking at
> http://msdn.microsoft.com/library/en-us/ldap/ldap/example_code_for_establishing_a_session_over_ssl.asp?frame=true
> it looks like the winLdap sdk uses Schannel. Do you have an event log error
> for system/Schannel when you attempt to connect? If so, what is it? Did
> you introduce the trusted root certificate into the Windows trusted root
> store? Are you using the server name (not ip address)? Does ldp.exe to
> port 636 work ok?
> Thank you
> Susan
|