Openldap and StartTLS / SSL Problem
RhysGoodwin
Rhys.Goodwin at gmail.com
Tue Sep 14 06:19:56 MDT 2004
Hi Anil,
Yes it is 2.1.1, I have just copied the Novell.Directory.Ldap.dll into my
Mono setup under Mandrake 10. I don't know if this is the right way to do
it but the samples compiled ok so I guess it's ok. Anyway thanks for the
quick reply, I'll keep you posted if I figure out anything else.
Kind Regards,
Rhys
Anil Bhatia wrote:
> Hi Rhys,
> Thanks for the detailed info...
> I am not sure what version of C# LDAP SDK you are using...
> Since in one of the cases you are getting "null key", this was one of
> the issues fixed in version 2.1.1... So, if you are using 2.1.1 and
> still getting this problem, I need to re-look at the fix...:-)
> Please let me know which version you are using...
> Thanks and Regards
> -Anil
> >>> Rhys.Goodwin at gmail.com 09/14/04 17:14 PM >>>
> I'm having trouble with startTLS and SSL with the Ldap Libraries
> connecting to openldap. Here is the situation:
> Openldap 2.1.25
> My Own CA and server certs.
> blacko.rhys.ath.cx the FQDN of my ldap server and the CN used in the
> server certs.
> I run slapd as follows:
> slapd -h"ldap://127.0.0.1:389/ ldap://192.168.1.1:389/ ldaps://192.168.1.1:636/"
> So I'm hosting ldap389 on localhost and LAN for StartTLS and hosting
> ldaps636 on LAN for SSL.
> This all seems to work fine, I can StartTLS from samba or ldapsearch and
> I can SSL from a windows box running say Jxplorer Ldap browser.
> However when I compile the SSL and TLS samples this is what I get:
> StartTLS Sample:
> Connect successful, now calling startTLS
> Error:null key
> Parameter name: key
> SecureBind Sample:
> *********SecureBind sample*******
> Connecting to:blacko.rhys.ath.cx
> Connect successful, now calling startTLS
> Detected errors in the Server Certificate:
> -2146762490
> ResourcesHandler::ResourcesHandler()
> Error:91
> If I connect to www.nldap.com (389) (the Novell test ldap server) the
> StartTLS works just fine:
> Connecting to:www.nldap.com
> Connect successful, now calling startTLS
> startTLS successful, now calling Bind
> Detected errors in the Server Certificate:
> -2146762481
> -2146762487
> TLS Bind Completed Successfull
> The "-2146762490" from what I can find (very little) means:
> "CERT_E_PURPOSE: A certificate is being used for a purpose
> other than that for which it is permitted"
> Now I'm lost! As far as I can tell the certs are fine because I can
> StartTLS from other clients ok.
> I've been tearing my hair out for the last few days over this and now it's
> time to get help! I can't wait to get into some Ldap development but I
> really need to know that StartTLS is going to work for me. I'd be very
> grateful for any insight into this problem. Sorry about the length of
> this post.
> Cheers,
> Rhys
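
Added example, not part of the original thread or of the Novell library: the negative numbers printed under "Detected errors in the Server Certificate" are signed 32-bit HRESULT values, and this sketch splits them into their fields and names the three that appear above using the constants from winerror.h. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the validation output lines quoted in the thread above.
SAMPLE_OUTPUT = """\
Detected errors in the Server Certificate:
-2146762490
Detected errors in the Server Certificate:
-2146762481
-2146762487
"""

FACILITY_CERT = 0x00B  # Win32 facility used for certificate trust errors

# Names from winerror.h for the codes that appear in the thread.
CERT_HRESULTS = {
    0x800B0106: "CERT_E_PURPOSE",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B010F: "CERT_E_CN_NO_MATCH",
}


def decode_hresult(value):
    """Split a signed 32-bit HRESULT into its fields and look up a name."""
    raw = value & 0xFFFFFFFF             # two's complement -> unsigned
    return {
        "hex": f"0x{raw:08X}",
        "failure": bool(raw >> 31),      # severity bit
        "facility": (raw >> 16) & 0x7FF,  # 11-bit facility field
        "code": raw & 0xFFFF,
        "name": CERT_HRESULTS.get(raw, "UNKNOWN"),
    }


def decode_output(text):
    """Decode every negative integer that stands alone on a line."""
    results = []
    for line in text.splitlines():
        if re.fullmatch(r"\s*-\d+\s*", line):
            results.append(decode_hresult(int(line)))
    return results


if __name__ == "__main__":
    for d in decode_output(SAMPLE_OUTPUT):
        kind = "cert" if d["facility"] == FACILITY_CERT else "other"
        print(d["hex"], d["name"], f"facility={d['facility']} ({kind})",
              f"code=0x{d['code']:04X}")
```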