Re: Only Openldap 2.1.x support TLS ?



There are no performance reasons... just because I use database support
(--enable-ldbm) but I haven't installed the Berkeley DB support
(--disable-bdb).

<marc.bigler@day.com> wrote in message
news:OFB14AA7CD.CBB485AD-ONC1256C70.0045757B@day.com...
>
> Just out of curiosity, why do you enable LDBM and disable BDB, is that for a
> performance reason? Also, does Berkeley DB v3.1 already support LDBM?
>
> Regards
> Marc
>
> "Marius Cabas" <marius_cabas@hotmail.com>
> Sent by: owner-openldap-software@OpenLDAP.org
> 11/13/02 11:35 AM
>
> To:      openldap-software@OpenLDAP.org
> cc:
> Subject: Re: Only Openldap 2.1.x support TLS ?
>
> OpenLDAP via TLS/SSL:
> =====================
>
> 1. download openldap v2.0.27
> 2. compile openldap using the following commands:
>     > ./configure --enable-ldbm --disable-bdb --with-tls
>     > make depend
>     > make
>     > make install
> 3. generate the certificate file using OpenSSL:
>     > openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
> 4. edit the slapd.conf file to support TLS/SSL like below:
>     add at the end of the file:
>         TLSCertificateFile    /usr/local/etc/ldap/server.pem
>         TLSCertificateKeyFile /usr/local/etc/ldap/server.pem
>         TLSCACertificateFile  /usr/local/etc/ldap/server.pem
> 5. start the OpenLDAP listener like below:
>     > ./slapd -h "ldap:/// ldaps:///"
>
> Now you have an OpenLDAP server that supports TLS/SSL.
> You can use the Novell LDAP SDK (for example) to connect to the OpenLDAP
> server using TLS/SSL. You will find a small piece of code below:
>
> #include <ldap.h>
> #include <ldap_ssl.h>   // Novell LDAP SDK SSL extensions (ldapssl_*)
>
> int SSLBind()
> {
>  int ret = -1;
>
>  // using LDAP version 3
>  int version = LDAP_VERSION3;
>  ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
>
>  // initializes the SSL library
>  if((ret = ldapssl_client_init(NULL, NULL)) != LDAP_SUCCESS)
>   return ret;
>
>  // adds certificates to the list of trusted certificates
>  if((ret = ldapssl_add_trusted_cert("server.pem", LDAPSSL_CERT_FILETYPE_B64)) != LDAP_SUCCESS)
>  {
>   ldapssl_client_deinit();
>   return ret;
>  }
>
>  // creates an LDAP session handle that is SSL enabled
>  LDAP *ldap = ldapssl_init("localhost", 636, 1);
>  if(ldap == NULL)
>  {
>   ldapssl_client_deinit();
>   return -1;
>  }
>
>  // bind with current credentials
>  ret = ldap_simple_bind_s(ldap, "cn=manager,o=vt", "start");
>
>  // release the session handle and the SSL library on success and on failure
>  ldap_unbind_s(ldap);
>  ldapssl_client_deinit();
>  return ret;
> }
>
> regards,
>
> Marius
>
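
Steps 3 and 4 in the quoted procedure keep the unencrypted private key and the certificate in one server.pem, and the client code loads a file of the same name as its trusted certificate, so copying that file to clients would also hand them the server's private key. The shell functions below are an added example, not part of the original thread: they split such a combined PEM so that only a certificate-only file leaves the server. The output names server.key and server.crt and the sample PEM are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): split the combined server.pem
# from step 3 into a private key file and a certificate-only file.
# Output names server.key / server.crt are assumptions.

# has_private_key FILE: succeeds if FILE contains any PEM private key block
has_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
}

# safe_for_clients FILE: succeeds only if FILE has a certificate and no key
safe_for_clients() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" && ! has_private_key "$1"
}

# split_pem COMBINED OUTDIR: writes OUTDIR/server.key (0600), OUTDIR/server.crt (0644)
split_pem() {
    combined=$1; outdir=$2
    has_private_key "$combined" || { echo "no private key in $combined" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$combined" ||
        { echo "no certificate in $combined" >&2; return 1; }
    old_umask=$(umask); umask 077   # key file is never created group/world-readable
    sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' \
        "$combined" > "$outdir/server.key"
    umask "$old_umask"
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
        "$combined" > "$outdir/server.crt"
    chmod 600 "$outdir/server.key"
    chmod 644 "$outdir/server.crt"
    safe_for_clients "$outdir/server.crt"   # fail if the key leaked into the client file
}

# Demo on a constructed placeholder PEM (not real key material)
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$d/server.pem"
    safe_for_clients "$d/server.pem" || echo "server.pem: contains private key, do not distribute"
    split_pem "$d/server.pem" "$d" && safe_for_clients "$d/server.crt" &&
        echo "server.crt: certificate only, usable as client trust file"
    rm -rf "$d"
}
demo
```

With the split files, TLSCertificateKeyFile would point at server.key, TLSCertificateFile and TLSCACertificateFile at server.crt, and the client's ldapssl_add_trusted_cert call at a copy of server.crt.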