RE: SSL Question: Is Everyone Ignorant or Just Non-responsive
Hi,
I've configured my OpenLDAP to work with SSL. I'm working on an application made in BCPP using the latest NS SDK (version 5).
This is my init code:
if ( CkbSSL->Checked==true)
{
    rc = ldapssl_client_init ("E:\\Dev\\DirNav4\\", NULL);
    if ( rc < 0 )
    {
        ...
    }
    if ( (p_tLdap = ldapssl_init( EdtAddress->Text.c_str(),
                                  atoi(EdtPort->Text.c_str()), 1 )) == NULL )
    {
        ...
    }
}
else
{
    p_tLdap = ldap_init (EdtAddress->Text.c_str(),
                         atoi(EdtPort->Text.c_str()));
    if ( p_tLdap == NULL )
    {
        ...
    }
    /* Try to bind */
    rc = ldap_bind_s (p_tLdap,
                      EdtUserId->Text.c_str(),
                      EdtUserPassword->Text.c_str(),
                      (int) LDAP_AUTH_SIMPLE) ;
    if ( rc != LDAP_SUCCESS )
    {
        ...
    }
}
The first LDAP-call:
char *a_cAttrib[] = {"namingContexts", NULL};
/* Search for the ROOT DSE */
rc = ldap_search_s (p_tLdap,
                    "",
                    LDAP_SCOPE_BASE,
                    "(objectClass=*)",
                    a_cAttrib,
                    0,
                    &p_tDnResult);
switch (rc)
...
===> The init is OK!!! BUT it hangs on the first ldap_search_s()
What is wrong?
These are the debug messages:
Aug 17 01:25:05 linux slapd[403]: connection_get(10)
Aug 17 01:25:05 linux slapd[403]: connection_get(10): got connid=19
Aug 17 01:25:05 linux slapd[403]: connection_read(10): checking for input on id=19
Aug 17 01:25:05 linux slapd[403]: connection_get(10)
Aug 17 01:25:05 linux slapd[403]: connection_get(10): got connid=19
Aug 17 01:25:05 linux slapd[403]: connection_read(10): checking for input on id=19
Aug 17 01:25:05 linux slapd[403]: connection_get(10)
Aug 17 01:25:05 linux slapd[403]: connection_get(10): got connid=19
Aug 17 01:25:05 linux slapd[403]: connection_read(10): checking for input on id=19
Aug 17 01:25:05 linux slapd[404]: do_search
Aug 17 01:25:05 linux slapd[404]: SRCH "" 0 0
Aug 17 01:25:05 linux slapd[404]: 0 0 0
Aug 17 01:25:05 linux slapd[404]: filter: (objectClass=*)
Aug 17 01:25:05 linux slapd[404]: attrs:
Aug 17 01:25:05 linux slapd[404]: namingContexts
Aug 17 01:25:05 linux slapd[404]:
Aug 17 01:25:05 linux slapd[404]: => send_search_entry: ""
Aug 17 01:25:05 linux slapd[403]: ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
Aug 17 01:25:05 linux slapd[404]: <= send_search_entry
Aug 17 01:25:05 linux slapd[404]: send_ldap_result: conn=19 op=0 p=3
Aug 17 01:25:05 linux slapd[404]: send_ldap_result: 0::
Aug 17 01:25:05 linux slapd[404]: send_ldap_response: msgid=1 tag=101 err=0
Aug 17 01:26:37 linux slapd[403]: connection_get(10)
Is there an OpenLDAP library (a DLL) which I could use instead of the NS SDK?
Thanks,
Geert
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Yoel Spotts
Sent: Wednesday 15 August 2001 17:34
To: John Luce
Cc: OpenLDAP-software@OpenLDAP.org
Subject: Re: SSL Question: Is Everyone Ignorant or Just Non-responsive
I can understand your frustration as I had to sweat it out as well.
Here's how I did it and it works like a charm.
In order to initialize the LDAP * struct, call ldap_initialize like this:
LDAP *ld;
char ldapurl[256] = "ldaps://youripaddress:yourport";
int rc = ldap_initialize(&ld, ldapurl);
(check return value of course).
Now, you must have a file named ldap.conf. This must be located in the directory you specified for the sysconfdir when you configured (I believe it's /usr/local/etc or /usr/local/etc/openldap by default). You need two directives:
TLS_CERT {path to file containing CA's cert that issued server's certificate in pem format}
TLS_RANDFILE {path to random seed generator}
This works for us, hope this helps.
Yoel
John Luce wrote:
>
> I have asked this many times as have many other folks and have never seen a
> REAL answer to this:
>
> We are developing an app that will use an SSL connection to the LDAP Server.
>
> We are using Certificates.
>
> What is the EXACT sequence of calls to the LDAP Client Library to do this.
>
> What does NOT work is what is in the examples in ...../client/tools since
> those do not care about certificates.
>
> Also, since it is an embedded app, the LDAP URI is not usable as we use IP
> addresses only and non-default port numbers. Therefore "ldap_initialize()"
> is not usable.
>
> Has ANYONE done this successfully ? If so, what was the sequence of calls
> and what parameters were MANDATORY...
>
> I'll make a deal.. if I can get this up and running, I'll write a "How-To"
> for this...
>
> Thanks!
>
> John
--
Yoel Spotts yoel@vasco.com
VASCO Data Security, Inc. http://www.vasco.com
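An added example, written for this thread and not taken from either post: it walks the sequence Yoel describes (an ldaps:// connection to an IP address and port that trusts only the CA certificate the ldap.conf directive points at) and then issues the root DSE search for namingContexts that hangs in Geert's client, using Python's standard library in place of the LDAP SDK. host, port and cafile are values you supply; the BER encoding is hand-built for this one request, and the socket timeout turns a hang like the one in the log above into an error instead of a stuck client.

```python
import socket, ssl

def ber(tag, payload):                                    # one short-form BER TLV (payload < 128 bytes)
    return bytes([tag, len(payload)]) + payload

def read_tlv(buf, pos=0):
    """TLV at buf[pos] -> (tag, value, end), or None while buf does not yet hold the whole TLV."""
    if pos + 2 > len(buf): return None
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                          # long form: low 7 bits = number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return (tag, buf[pos:pos + n], pos + n) if pos + n <= len(buf) else None

def items(buf):                                           # all (tag, value) pairs of a constructed value
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos); out.append((tag, val))
    return out

def search_request(msgid, base="", scope=0, attrs=("namingContexts",)):
    """LDAPMessage { msgid, SearchRequest [APPLICATION 3] }: the root DSE search from the post."""
    body = (ber(0x04, base.encode()) + ber(0x0A, bytes([scope]))            # baseObject, scope (0 = base)
            + ber(0x0A, b"\x00") + ber(0x02, b"\x00") + ber(0x02, b"\x00")  # derefAliases, sizeLimit, timeLimit
            + ber(0x01, b"\x00") + ber(0x87, b"objectClass")                # typesOnly FALSE, (objectClass=*)
            + ber(0x30, b"".join(ber(0x04, a.encode()) for a in attrs)))
    return ber(0x30, ber(0x02, bytes([msgid])) + ber(0x63, body))

def parse_entry(payload):
    """SearchResultEntry (tag 0x64) payload -> (dn, {attribute: [values]})."""
    (_, dn), (_, attrs) = items(payload)
    attr_pairs = [items(attr) for _, attr in items(attrs)]          # each: [(tag, name), (tag, vals)]
    return dn.decode(), {name.decode(): [v.decode() for _, v in items(vals)] for (_, name), (_, vals) in attr_pairs}

def root_dse(host, port, cafile, timeout=10):
    """Verified ldaps:// session (cafile: the CA to trust) -> namingContexts of the root DSE."""
    ctx = ssl.create_default_context(cafile=cafile)      # verifies the chain and the host name / IP
    with socket.create_connection((host, port), timeout) as raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(search_request(1))
        contexts, buf = [], b""
        while True:
            msg = read_tlv(buf)                           # None until one complete LDAPMessage is buffered
            if msg is None:
                chunk = tls.recv(4096)                    # raises socket.timeout instead of hanging forever
                if not chunk: raise ConnectionError("closed before searchResDone")
                buf += chunk; continue
            (_, _), (tag, payload) = items(msg[1]); buf = buf[msg[2]:]
            if tag == 0x64: contexts += parse_entry(payload)[1].get("namingContexts", [])
            elif tag == 0x65:                             # searchResDone (tag 101 in the slapd log above)
                if payload[2]: raise RuntimeError("search failed, resultCode %d" % payload[2])
                return contexts
```

Compare with the log: slapd answered msgid=1 with tag=101 and err=0, so the server side of this exchange completed; a client that still hangs is not reading the response it was sent.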