Re: ldap_start_tls_s and automatic CA certificate searching



Hallvard B Furuseth wrote:
> Roberto Aguilar writes:
> > Setting TLS_CACERT to the server's CA certificate allows the
> > connection to go through, but that is not feasible as I need to
> > connect to servers with different CAs.
> >
> > I tried looking through ldapsearch.c to find the secret sauce to get
> > this to work, but was not successful.  Can someone point me in the
> > right direction.

libldap handles it for ldapsearch. If you mean you want to set the CA cert by hand in the program, use rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, "<CA cert filename>");

Also, as noted in the Admin Guide, you can place multiple CA certs in a single file, and you typically need to do this on clients anyway.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/