Switching LDAP to SSL/TLS

A thread by Blup · started on 17 May 2024 · last post on 21 May 2024

Kas Ob.

Registered since: 3 Sep 2023
412 posts

#10

Re: Switching LDAP to SSL/TLS

21 May 2024, 12:30
Hi again,

with this code, which is the same as mine above with one addition, the connect:
Code:
procedure TForm10.LDAPConnect;
var
  pConn: PLDAP;
  Version: NativeUInt;
  CurrVer: NativeUInt;
  TimeOut: TLDAPTimeVal;
begin
  // ldap_sslinit with secure = 1 requests an SSL/TLS session on the LDAPS port
  pConn := ldap_sslinit('127.0.0.1', LDAP_SSL_PORT, 1);
  // pConn := ldap_init('localhost', LDAP_PORT);
  if not Assigned(pConn) then
    Exit;

  try
    Version := LDAP_VERSION3;
    if ldap_set_option(pConn, LDAP_OPT_PROTOCOL_VERSION, @Version) <> LDAP_SUCCESS then
      Exit;
    // read back the SSL flag as the library reports it
    if ldap_get_option(pConn, LDAP_OPT_SSL, @CurrVer) <> LDAP_SUCCESS then
      Exit;
    Memo1.Lines.Add('Current SSL status : ' + BoolToStr(CurrVer <> 0, True));

    if CurrVer = NativeUInt(LDAP_OPT_OFF) then
    begin
      CurrVer := NativeUInt(LDAP_OPT_ON);
      if ldap_set_option(pConn, LDAP_OPT_SSL, @CurrVer) <> LDAP_SUCCESS then
        Exit;
    end;

    // check again
    if ldap_get_option(pConn, LDAP_OPT_SSL, @CurrVer) <> LDAP_SUCCESS then
      Exit;
    Memo1.Lines.Add('Current SSL status : ' + BoolToStr(CurrVer <> 0, True));

    // the addition: open the connection now (5 s timeout) instead of
    // leaving it to the first bind
    TimeOut.tv_sec := 5;
    TimeOut.tv_usec := 0;
    if ldap_connect(pConn, @TimeOut) <> LDAP_SUCCESS then
    begin
      Memo1.Lines.Add('ldap_connect failed');
      Exit;
    end;

    Memo1.Lines.Add('Connected');

    Memo1.Lines.Add('Success');
  finally
    ldap_unbind_s(pConn); // always release the session handle
  end;
end;
Also, I installed Active Directory Lightweight Directory Services from Windows Features:
[attachment: ADS.png]

Now the result: it still fails to connect, because I didn't configure any certificate and I'm not sure which account I allowed, as I just clicked next, next ....
But from Wireshark, the connection is established with TLS v1.2 and a Client Hello is sent from the app to the ADS server, but the server abruptly closed the connection. This is a symptom of the server not having a valid certificate. I don't want to go through issuing a certificate for many reasons, but the biggest one is that I don't have a valid domain or access to a real AD server on a Windows Server OS to issue a trusted one.
Wireshark:
[attachment: 2024-05-21 14_23_58-Untitled.jpg]

So I suggest using Wireshark to check whether SSL/TLS is enabled instead of depending on LDAP_OPT_SSL; I suspect it might refer to client-side certificate verification rather than to whether the connection is TLS, as you think.

See, using ldap_sslinit already indicates the secure connection, so LDAP_OPT_SSL might not be the indicator, but again I might be wrong here, or maybe it is reserved for use with ldap_init instead of ldap_sslinit; I don't know.
Kas
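As an added example (my own code, not from Kas Ob.'s post, the wldap32 library or AD LDS), the following Python does in code what the post does by eye in Wireshark: it classifies the first bytes a client sends on an LDAP port as either a TLS record carrying a ClientHello (what an ldap_sslinit session produces on 636) or a plaintext BER-encoded LDAPMessage (what an unencrypted ldap_init session produces on 389). For the plaintext case it walks the BER far enough to flag a simple bind, whose password would cross the wire in clear. The two sample byte strings are constructed inline and the helper names are this example's own.

```python
"""Added example (not from the forum post): tell a TLS ClientHello apart from a
plaintext LDAP message by looking at the first bytes a client sends, and flag a
plaintext simple bind.  Helper names and sample bytes are this example's own."""
import struct

TLS_HANDSHAKE = 0x16        # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01     # handshake message type: ClientHello
BER_SEQUENCE = 0x30         # every LDAPMessage is a BER SEQUENCE
LDAP_BIND_REQUEST = 0x60    # BindRequest = [APPLICATION 0], constructed
LDAP_AUTH_SIMPLE = 0x80     # AuthenticationChoice.simple = [0] OCTET STRING
# TLS 1.3 also puts 0x0303 in the legacy version fields, so 0x0303 means "1.2 or 1.3".
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def _ber_tlv(buf: bytes, pos: int):
    """Read one BER tag and length at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def describe_ldap_message(data: bytes) -> dict:
    """Decode the outer LDAPMessage and, for a BindRequest, its authentication choice."""
    tag, start, _ = _ber_tlv(data, 0)
    if tag != BER_SEQUENCE:
        return {"kind": "unknown"}
    _, id0, id1 = _ber_tlv(data, start)             # messageID INTEGER
    op_tag, op0, _ = _ber_tlv(data, id1)            # protocolOp CHOICE
    info = {"kind": "ldap-plaintext",
            "message_id": int.from_bytes(data[id0:id1], "big"), "op_tag": op_tag}
    if op_tag == LDAP_BIND_REQUEST:
        _, v0, v1 = _ber_tlv(data, op0)             # version INTEGER
        _, n0, n1 = _ber_tlv(data, v1)              # name LDAPDN
        auth_tag, _, _ = _ber_tlv(data, n1)         # authentication CHOICE
        info.update(bind_version=int.from_bytes(data[v0:v1], "big"),
                    bind_name=data[n0:n1].decode("utf-8", "replace"),
                    simple_bind=auth_tag == LDAP_AUTH_SIMPLE)   # password in clear unless under TLS
    return info


def classify_first_bytes(data: bytes) -> dict:
    """Classify the leading bytes of a client->server stream on an LDAP port."""
    if len(data) >= 11 and data[0] == TLS_HANDSHAKE and data[5] == TLS_CLIENT_HELLO:
        rec_ver, rec_len = struct.unpack(">HH", data[1:5])          # record header
        hs_len = int.from_bytes(data[6:9], "big")                   # 24-bit handshake length
        client_ver = struct.unpack(">H", data[9:11])[0]             # ClientHello.client_version
        return {"kind": "tls-client-hello",
                "record_version": TLS_VERSIONS.get(rec_ver, hex(rec_ver)),
                "client_version": TLS_VERSIONS.get(client_ver, hex(client_ver)),
                "record_len": rec_len, "handshake_len": hs_len}
    if data and data[0] == BER_SEQUENCE:
        return describe_ldap_message(data)
    return {"kind": "unknown"}


def _tlv(tag: int, body: bytes) -> bytes:
    """Short-form BER encoder, enough for the constructed samples below."""
    return bytes([tag, len(body)]) + body


# Constructed sample 1: minimal ClientHello, record version 3.1, client_version 3.3,
# one cipher suite (TLS_AES_128_GCM_SHA256), no extensions.
_HELLO_BODY = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00" + b"\x00\x00"
_HANDSHAKE = bytes([TLS_CLIENT_HELLO]) + len(_HELLO_BODY).to_bytes(3, "big") + _HELLO_BODY
SAMPLE_TLS_CLIENT_HELLO = (bytes([TLS_HANDSHAKE]) + b"\x03\x01"
                           + len(_HANDSHAKE).to_bytes(2, "big") + _HANDSHAKE)

# Constructed sample 2: plaintext LDAPv3 simple bind as cn=admin with password "secret".
SAMPLE_LDAP_BIND = _tlv(BER_SEQUENCE, _tlv(0x02, b"\x01") + _tlv(LDAP_BIND_REQUEST,
                        _tlv(0x02, b"\x03") + _tlv(0x04, b"cn=admin")
                        + _tlv(LDAP_AUTH_SIMPLE, b"secret")))

if __name__ == "__main__":
    for sample in (SAMPLE_TLS_CLIENT_HELLO, SAMPLE_LDAP_BIND, b"GET / HTTP/1.1\r\n"):
        print(classify_first_bytes(sample))
```

Feed it the payload of the first client-to-server TCP segment from a capture (Wireshark's "Follow TCP stream" raw view, or a pcap reader) and it tells you whether the session ever started TLS, independently of what LDAP_OPT_SSL reports; a `simple_bind` of `True` on a non-TLS stream is the case a defender wants to catch.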
Delphi-PRAXiS (c) 2002 - 2023 by Daniel R. Wolf, 2024-2025 by Thomas Breitkreuz