Using Scott Klement's LDAP search example program (see "Getting error
'Decoding error' calling LDAP API ldap_get_values()" post from June 2002),
I have created a program that retrieves attributes from the LDAP. It's
been working nicely for a couple years. However, now we want to access
the LDAP using SSL. I believe there is an external procedure named
'ldap_ssl_init' that I would want to use to make the connection, but I
cannot seem to get it to work. There is only one more parm for the
ldap_ssl_init than the ldap_init and that is the certlbl parm. According
to the IBM documentation, if the LDAP server configuration performs Server
Authentication, it does not require a client certificate, so set certlbl
to null.

I have added the prototype to the ldap_h copy member as such:

     D ldap_ssl_init   PR              *   extproc('ldap_ssl_init')
     D   defhost                       *   value options(*string)
     D   defport                     10I 0 value
     D   certlbl                       *   value options(*string)

And have changed the ldap_init to ldap_ssl_init as such:

     H DFTACTGRP(*NO) ACTGRP(*NEW) BNDDIR('QC2LE')
     H OPTION(*SRCSTMT: *NODEBUGIO) UsrPrf(*Owner)

     D/copy StCTools/source,ldap_h

     D LOGIN_ACCT      C                   'xxxxxx'
     D LOGIN_PASSWD    C                   'yyyyyyyyyy'
     D MY_BASE_DN      C                   'OU=ABC,DC=ci,DC=thiscity,DC=xx,-
     D                                     DC=us'
     D Host            C                   'CI.THISCITY.XX.US'
     D CertLbl         C                   ''

     D ld              S               *
     D rc              S             10I 0

     D @Msg            S             52A

      /FREE
         @Msg = *blanks;

         ld = ldap_ssl_init(Host : LDAPS_PORT: CertLbl);
         if ld = *NULL;
            rc = ldap_get_errno(ld);
            @Msg = %str(ldap_err2string(rc));
            return;
         endif;

      /END-FREE

The return from ldap_ssl_init is always null, which causes the
ldap_get_errno routine to run. This routine errors out with:

Pointer not set for location referenced.
The call to ldap_get_e ended in error (C G D F).

Does anyone have an idea of what I am doing incorrectly, or an example of
how to do it correctly? Do I need to import the SSL certificate on the
System i? Any ideas would be greatly appreciated.


This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
