Re: SSL Question: Is Everyone Ignorant or Just Non-responsive
I can understand your frustration as I had to sweat it out as well.
Here's how I did it and it works like a charm.
In order to initialize the LDAP * struct, call ldap_initialize like this:

    LDAP *ld;
    char ldapurl[256];
    ldap_initialize(&ld, "ldaps://youripaddress:yourport");

(check return value of course).
Now, you must have a file named ldap.conf. This must be located in the
directory you specified for the sysconfdir when you configured (I
believe it's /usr/local/etc or /usr/local/etc/openldap by default). You
need two directives:

    TLS_CERT {path to file containing CA's cert that issued server's certificate in pem format}
    TLS_RANDFILE {path to random seed generator}

This works for us, hope this helps.
Yoel
John Luce wrote:
>
> I have asked this many times as have many other folks and have never seen a
> REAL answer to this:
>
> We are developing an app that will use an SSL connection to the LDAP Server.
>
> We are using Certificates.
>
> What is the EXACT sequence of calls to the LDAP Client Library to do this?
>
> What does NOT work is what is in the examples in ...../client/tools since
> those do not care about certificates.
>
> Also, since it is an embedded app, the LDAP URI is not usable as we use IP
> addresses only and non-default port numbers. Therefore "ldap_initialize()"
> is not usable.
>
> Has ANYONE done this successfully? If so, what was the sequence of calls
> and what parameters were MANDATORY...
>
> I'll make a deal.. if I can get this up and running, I'll write a "How-To"
> for this...
>
> Thanks!
>
> John
--
Yoel Spotts yoel@vasco.com
VASCO Data Security, Inc. http://www.vasco.com
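
The sequence described in the reply above, as an added example that is not part of the original post or of OpenLDAP's own code: it builds the ldaps:// URI from a numeric IP address and a non-default port and, when compiled with -DUSE_LIBLDAP against a current libldap, sets the CA file and certificate checking through ldap_set_option instead of ldap.conf. The address, port, CA path and the helper names build_ldaps_uri and ldaps_connect are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#ifdef USE_LIBLDAP              /* cc -DUSE_LIBLDAP ex.c -lldap -llber */
#include <ldap.h>
#endif

/* Write "ldaps://ip:port" into out (IPv6 literals are bracketed).
 * Returns 0, or -1 for a non-numeric address, bad port or short buffer. */
int build_ldaps_uri(const char *ip, int port, char *out, size_t outlen)
{
    unsigned char addr[16];     /* large enough for an IPv6 address */
    const char *fmt;
    int n;
    if (port < 1 || port > 65535) return -1;
    if (inet_pton(AF_INET, ip, addr) == 1)
        fmt = "ldaps://%s:%d";
    else if (inet_pton(AF_INET6, ip, addr) == 1)
        fmt = "ldaps://[%s]:%d";
    else
        return -1;              /* host names, '/', '?' and the like are rejected */
    n = snprintf(out, outlen, fmt, ip, port);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef USE_LIBLDAP
/* Open an LDAPS session that must verify against the CA file ca_pem. */
int ldaps_connect(const char *uri, const char *ca_pem, LDAP **ld)
{
    int v3 = LDAP_VERSION3, demand = LDAP_OPT_X_TLS_DEMAND, rc;
    struct berval anon = { 0, NULL };
    /* TLS options go on the global (NULL) handle before ldap_initialize(). */
    if (ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ca_pem) != LDAP_OPT_SUCCESS ||
        ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &demand) != LDAP_OPT_SUCCESS)
        return LDAP_PARAM_ERROR;
    if ((rc = ldap_initialize(ld, uri)) != LDAP_SUCCESS) return rc;
    ldap_set_option(*ld, LDAP_OPT_PROTOCOL_VERSION, &v3);
    /* The anonymous bind triggers the TLS handshake and certificate check. */
    return ldap_sasl_bind_s(*ld, "", LDAP_SASL_SIMPLE, &anon, NULL, NULL, NULL);
}
#endif
int main(void)
{
    char uri[128];
    if (build_ldaps_uri("192.0.2.10", 6636, uri, sizeof uri) != 0) return 1;
    puts(uri);                  /* constructed address and port */
#ifdef USE_LIBLDAP
    LDAP *ld = NULL;            /* "/path/to/ca.pem" is a placeholder path */
    puts(ldap_err2string(ldaps_connect(uri, "/path/to/ca.pem", &ld)));
#endif
    return 0;
}
```

With LDAP_OPT_X_TLS_DEMAND the bind fails unless the server certificate chains to the CA file and names the address used in the URI.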