
Re: OpenLDAP server should use windows certificate store for certificates



Hi,

On Mon, 5 Aug 2013, pramod kulkarni wrote:

Thanks for the reply,

How to replace the file-based access in OpenLDAP with Windows certificate
store access?
We have the functionality to access the Windows certificate store, but how
to integrate it with OpenLDAP?

Let's try it in other words. There is no such functionality in OpenLDAP currently.

If you want it you need to develop it.

Greetings
Christian



Regards,
Pramod



On Fri, Aug 2, 2013 at 10:57 PM, Michael Ströder <michael@stroeder.com> wrote:

Aaron Richton wrote:
On Fri, 2 Aug 2013, pramod kulkarni wrote:

Hi, I need information on how to configure the OpenLDAP server in
slapd.conf to look for certificates from the Windows certificate store?
Currently I am using certificates from a file in a path.

Waiting for your inputs.

In libraries/libldap you'll find

tls_g.c  tls_m.c  tls_o.c

which are for GnuTLS, MozNSS, and OpenSSL respectively. I'd imagine that
the Right Thing would be to make a new file here, that utilizes the Windows
crypto APIs (therefore accessing the Windows certificate stores).

You're talking about implementing a wrapper around Windows' schannel DLL
which in turn uses CAPI key stores.

Another also rather hypothetical approach:
I vaguely remember that someone wrote a PKCS#11 provider for accessing CAPI
keystore which could be used in libnss and therefore in OpenLDAP (tls_m.c).
It would be a lot of work to get that going - something for adventurers
with lots of spare time. ;-}

Ciao, Michael.





--
Christian Kratzer                      CK Software GmbH
Email:   ck@cksoft.de                  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer