evargas

Reputation: 71

LDAP over SSL on Windows service

I have an application that connects to an LDAP server using SSL. The problem I'm having is that when I run it as a console application it connects successfully, but when I run the application as a Windows service, it fails.

There is some information that could help:

1. ldap_connect = 0 (Success) with all the LDAP ports, running as APPLICATION under user ADMINISTRATOR. Tested ports 389, 3268 without SSL and 636, 3269 with SSL.
2. ldap_connect = 0 (Success) running as service with port 389 or 3268.
3. ldap_connect = 81 (Not connected) running AS SERVICE with ports 636 or 3269.

We tested the service running under user administrator and also tested under another special user agent with all the permissions.


Example of the test

pLdapConnection = ldap_sslinit((PWCHAR)ldap_host.c_str(), ldap_port,1); // Secure LDAP 
// always returns success
ldap_set_option(pLdapConnection, LDAP_OPT_SSL, LDAP_OPT_ON); // set SSL option
ldap_set_option(pLdapConnection, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); // required  
result = ldap_connect(pLdapConnection, &timeout);

result = LDAP_SERVER_DOWN (0x51)

I appreciate any help you can give me.

Upvotes: 0

Views: 1551

Answers (1)

Don

Reputation: 3684

What account is the service running under? Is it a specific domain user that has access to the LDAP server? You might want to set the SPNs on the LDAP server as well; I've had double-hop token problems before with authentication.

Upvotes: 0
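
One way to answer the account question above and watch the TLS handshake on the failing port under that account, as an added PowerShell diagnostic that is not part of the original answer. The service name, host name and port defaults are placeholders, and it uses .NET's SslStream rather than the Wldap32 calls from the question, so it shows how Windows validates the server certificate for the current account but does not reproduce ldap_connect itself.

```powershell
# Added diagnostic sketch; parameter defaults are placeholders, not values from the page.
param(
    [string]$ServiceName = 'MyLdapService',       # hypothetical service name
    [string]$LdapHost    = 'dc01.example.test',   # hypothetical LDAP server
    [int]$Port           = 636
)

# 1. Which account does the service log on as, and who is running this script?
$me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
[pscustomobject]@{ ServiceAccount = $svc.StartName; CurrentUser = $me }

# 2. TLS handshake only: no LDAP bind is attempted and no credentials are sent.
#    The callback records the certificate validation result for this account.
$state = @{}
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    $state.Subject = $cert.Subject
    $state.Errors  = $errors
    $state.Chain   = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $true   # accept so the handshake completes and the result can be reported
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($LdapHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($LdapHost)
    [pscustomobject]@{
        Protocol     = $ssl.SslProtocol
        Subject      = $state.Subject
        PolicyErrors = $state.Errors            # None = chain trusted, name matched
        ChainStatus  = ($state.Chain -join ', ')
    }
}
catch {
    # TCP connect or handshake failed before any certificate result was available
    "Connection to ${LdapHost}:$Port failed as ${me}: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

Run it once from the interactive account where the console application works and once under the service's logon account, then compare the PolicyErrors and ChainStatus values.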
