Re: Only Openldap 2.1.x support TLS ?
OpenLDAP via TLS/SSL:
=====================
1. download openldap v2.0.27
2. compile openldap using the following commands:
> ./configure --enable-ldbm --disable-bdb --with-tls
> make depend
> make
> make install
3. generate the certificate file using OpenSSL:
> openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
4. edit the slapd.conf file to support TLS/SSL like below:
add at the end of the file:
TLSCertificateFile /usr/local/etc/ldap/server.pem
TLSCertificateKeyFile /usr/local/etc/ldap/server.pem
TLSCACertificateFile /usr/local/etc/ldap/server.pem
5. start the OpenLDAP listener like below:
> ./slapd -h "ldap:/// ldaps:///"
Now, you have an OpenLDAP server that supports TLS/SSL.
You can use the Novell LDAP SDK (for example) to connect to the OpenLDAP
server using TLS/SSL. You will find a small piece of code below:
#include <stdio.h>
#include <ldap.h>
#include <ldap_ssl.h>   // Novell LDAP SDK: ldapssl_* functions

int SSLBind()
{
    int ret = -1;
    // using LDAP version 3
    int version = LDAP_VERSION3;
    ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);

    // initializes the SSL library
    if ((ret = ldapssl_client_init(NULL, NULL)) != LDAP_SUCCESS)
        return ret;

    // adds the server certificate to the list of trusted certificates
    if ((ret = ldapssl_add_trusted_cert("server.pem",
                                        LDAPSSL_CERT_FILETYPE_B64)) != LDAP_SUCCESS)
    {
        ldapssl_client_deinit();
        return ret;
    }

    // creates an LDAP session handle that is SSL enabled (ldaps on port 636)
    LDAP *ldap = ldapssl_init("localhost", 636, 1);
    if (ldap == NULL)
    {
        ldapssl_client_deinit();
        return -1;
    }

    // bind with the manager credentials
    if ((ret = ldap_simple_bind_s(ldap, "cn=manager,o=vt", "start")) != LDAP_SUCCESS)
    {
        ldap_unbind_s(ldap);        // frees the handle even after a failed bind
        ldapssl_client_deinit();
        return ret;
    }

    ldap_unbind_s(ldap);
    ldapssl_client_deinit();
    return ret;
}
regards,
Marius
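Added example for steps 3 and 4 above (my own code, not part of Marius's post or of the OpenLDAP project): a POSIX sh pre-flight check that emits the three TLS directives for slapd.conf and verifies the PEM bundle before slapd is started. It assumes the single-file layout the post uses (certificate, key and CA certificate all in server.pem); the file paths and the PEM contents in the demo are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not from the original post: build the slapd.conf TLS
# directives from step 4 and sanity-check the PEM bundle from step 3.
# Paths and PEM contents below are constructed for illustration only.

# Print the three TLS directives for one combined PEM file
# (the post keeps certificate, key and CA cert together in server.pem).
tls_conf() {
  pem="$1"
  printf 'TLSCertificateFile %s\n' "$pem"
  printf 'TLSCertificateKeyFile %s\n' "$pem"
  printf 'TLSCACertificateFile %s\n' "$pem"
}

# Return 0 if the file holds both a certificate block and a private-key
# block, which is what "openssl req ... -out server.pem -keyout server.pem"
# produces when both options name the same file.
pem_has_cert_and_key() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
  return 0
}

# Return 0 only if the bundle is readable by its owner alone (0600 or 0400).
# "-nodes" leaves the key unencrypted, so whoever can read server.pem holds
# the server's identity; the mode string comes from "ls -ld".
pem_is_private() {
  mode=$(ls -ld -- "$1" | cut -c1-10)
  case "$mode" in
    -rw-------|-r--------) return 0 ;;
    *) return 1 ;;
  esac
}

# Full pre-flight check: returns a distinct non-zero code per failure
# (1 missing file, 2 no cert+key pair, 3 key readable by group/others).
check_tls_bundle() {
  pem="$1"
  [ -f "$pem" ] || { echo "missing: $pem" >&2; return 1; }
  pem_has_cert_and_key "$pem" || { echo "no cert+key pair in $pem" >&2; return 2; }
  pem_is_private "$pem" || { echo "$pem is readable by group/others" >&2; return 3; }
  return 0
}

# Demo with a constructed PEM (fake base64 bodies, not a real key pair):
# writes a temp bundle, checks it, and prints the directives to add to slapd.conf.
demo() {
  tmp=$(mktemp) || return 1
  {
    echo '-----BEGIN CERTIFICATE-----'
    echo 'MIIBconstructedCertBody=='
    echo '-----END CERTIFICATE-----'
    echo '-----BEGIN RSA PRIVATE KEY-----'
    echo 'MIIBconstructedKeyBody=='
    echo '-----END RSA PRIVATE KEY-----'
  } > "$tmp"
  chmod 600 "$tmp"
  rc=0
  check_tls_bundle "$tmp" && tls_conf "$tmp" || rc=$?
  rm -f "$tmp"
  return $rc
}
```

Run `demo` to see the check pass on a well-formed bundle; on a real installation call `check_tls_bundle /usr/local/etc/ldap/server.pem` (the path from step 4) before `slapd -h "ldap:/// ldaps:///"`, and append the output of `tls_conf` for that path to slapd.conf.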