我已经管理过将iOS应用与ldap连接,但我很难连接到ldaps。
对ldap有用的是(简短版)。
LDAP *ld;
char *ldapuri = /* my uri with ldap:// */;
rc = ldap_initialize(&ld, ldapuri);
char *binddn = /* my dn info */;
char *password = /* my password */;
int version = LDAP_VERSION3;
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version);
rc = ldap_simple_bind_s(ld, binddn, password);
我尝试用ldaps做什么(类似于作者的例子):
LDAP *ld;
char *ldapuri = /* my uri with ldaps:// */;
const char *caFile = /* filepath to my cert */;
int err = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, (void *)caFile); /* no error here */
rc = ldap_initialize(&ld, ldapuri);
char *binddn = /* my dn info */;
char *password = /* my password */;
int version = LDAP_VERSION3;
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version);
rc = ldap_start_tls_s(ld, NULL, NULL); /* Here it fails */
使用
ldap_get_option( ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
NSLog(@" ldap_start_tls_s(): %s", ldap_err2string(rc));
NSLog(@" ssl/tls: %s", msg);
我设法获得这些消息
ldap_start_tls_s():无法联系LDAP服务器
ssl / tls:错误:14090086:SSL例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败(无法获取本地颁发者证书)
答案 0 :(得分:0)
我已设法通过ldaps进行身份验证。这是前两者的组合。
LDAP *ld;
char *ldapuri = /* my uri with ldaps:// */;
const char *caFile = /* filepath to my cert */;
int err = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, (void *)caFile); /* no error here */
rc = ldap_initialize(&ld, ldapuri);
char *binddn = /* my dn info */;
char *password = /* my password */;
int version = LDAP_VERSION3;
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version);
rc = ldap_simple_bind_s(ld, binddn, password);