Re: debugging tls (apache2 mod_ldap)
* Kurt D. Zeilenga <Kurt@OpenLDAP.org> [0735 20:35]:
> At 03:14 AM 7/14/2004, Dick Davies wrote:
> >Snipping as much irrelevant code as I can, it does the following operations to init
> >the connection:
> >
> >    ldc->ldap = ldap_init(ldc->host, ldc->port);
> >    if (NULL != ldc->ldap)
> >    {
> >        int SSLmode = LDAP_OPT_X_TLS_HARD;
> >        result = ldap_set_option(ldc->ldap, LDAP_OPT_X_TLS, &SSLmode);
> >    }
>
> >The ldap_set_option call handles both SSL initialization and startTLS, right ?
>
> s/SSL/TLS/g
See? There I go again :)
> ldap_set_option() doesn't cause an LDAP StartTLS operation to be issued.
> There is a separate library function to do that (which, upon successful
> completion of the LDAP operation, will handle the TLS upgrade). The
> ldap_set_option call, as used here, is handling ldaps:// style
> initialization of TLS.
Thanks, that's really all I wanted to check - these are new servers so it was
possible they were asking for more ssf (or whatever Novell's equivalent is) than
the library could give. Glad to say it wasn't that...
> I'm clueless as far as mod_ldap is concerned. I suggest you make sure
> ldapsearch(1) works for both StartTLS and ldaps://. That will ensure
> the client library is interacting properly with the server.
Thanks, it looks like some weird build/linking error was the cause -
a colleague took it on himself to handroll a patch into the Red Hat 7.3
SRPMs and backport tls.c from a more recent OpenLDAP, and suddenly we
are good to go.
Thanks to all posters for advice.
--
Think twice before speaking, but don't say "think think click click".
Rasputin :: Jack of All Trades - Master of Nuns
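
The ldapsearch(1) check suggested in the thread, written out as an added example (not code from any poster or from mod_ldap): it probes one server over both TLS paths, StartTLS on ldap:// and TLS-at-connect on ldaps://. The `LDAP_HOST` and `DRY_RUN` variables and the function names are assumptions of this sketch, as is a server that permits an anonymous read of its root DSE.

```shell
#!/bin/sh
# Added example: exercise both TLS paths of one directory server with
# OpenLDAP's ldapsearch(1), so client-library problems show up outside Apache.

# Probe one mode.
#   starttls: plain ldap:// connect, then the StartTLS operation;
#             -ZZ makes a failed upgrade fatal instead of falling back to cleartext
#   ldaps:    TLS negotiated at connect time, before any LDAP traffic
# Usage: ldap_tls_probe MODE HOST [PORT]
ldap_tls_probe() {
    mode=$1 host=$2
    case $mode in
        starttls) set -- -ZZ -H "ldap://$host:${3:-389}" ;;
        ldaps)    set -- -H "ldaps://$host:${3:-636}" ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    # Anonymous simple bind (-x), base-scope read of the root DSE.
    set -- ldapsearch -x -LLL "$@" -b "" -s base supportedExtension
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"            # DRY_RUN (assumed name): show the command only
        return 0
    fi
    # Keep certificate verification on, so "ok" means the chain validated.
    # ldapsearch's own stderr is left visible for diagnosis.
    LDAPTLS_REQCERT=demand "$@" >/dev/null
}

# Run both probes against HOST; return non-zero if either path fails.
ldap_tls_check() {
    rc=0
    for m in starttls ldaps; do
        if out=$(ldap_tls_probe "$m" "$1"); then
            echo "$m: ok $out"
        else
            echo "$m: FAILED"
            rc=1
        fi
    done
    return $rc
}

# LDAP_HOST (assumed name) selects the server when run as a script.
if [ -n "${LDAP_HOST:-}" ]; then
    ldap_tls_check "$LDAP_HOST"
fi
```

If only one of the two modes fails, the difference between the two code paths (separate StartTLS call versus the `LDAP_OPT_X_TLS_HARD` style connect) is the place to look.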