[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: More SASL/SSL questions.
At 05:52 PM 6/11/2004, Ben Bargabus wrote:
>Hello,
>I'm still a bit confused about SASL and SSL from a client programming
>perspective (and the almost complete lack of documentation doesn't help
>much).
>
>1. Does a SASL bind produce an encrypted session for any communication
>that follows the authentication or does it just encrypt the bindDN and
>credentials?
It may (in either case), but not necessarily. Also note that
TLS (SSL) may, but not necessarily, provide encryption.
>2. Is there ANY documentation for ldap_sasl_bind_s() that describes its
>arguments and return value?
See doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt and,
of course, the code.
>3. Is there ANY documentation for ldap_initialize()?
Just code.
>Particularly I'm
>wondering how to use it to create an SSL session (is it as simple as
>ldap_initialize(&ld, "ldaps://myserver.com:636")). Is there a better
>way to create an SSL session?
That requests create a "secure" LDAP session protected
by TLS (SSL). (I use the term protected loosely here
as TLS (SSL) may actually not offer any protection.)
Kurt