
Reply: OpenSSL + Java



I now finally managed to connect to openldap using ldaps.
I simply used the uri ldaps://server.domain/
connecting using version 3 of ldap, setting the option ldap_option_set.
I don't use the ldap_start_tls_s command because of the already started tls
on the server.
I simply use the ldap_simple_bind_s command with the given uri.
The only thing to mention is that you have to create a server cert
with exactly the hostname defined on the machine (common name).
The second hint is that on debian machines the libldap and the slapd are
not configured to use ssl.
So download the source package of slapd with: apt-get source slapd.
Change to the /usr/src/openldap2-2.2.0.23 dir and edit the rules file.
Change without-ssl to with-ssl and remove the option with-sql, which makes no
sense because using sql will slow down the performance rapidly with a growing
db.
Then enter the command relative from the source tree: debian/rules binary
to generate the debs.
They are installed to the /usr/src dir.
Change to it and run dpkg -i *. (Done).

My log output proves the TLS handshake to the ldap server with the -d9 flag
given to the slapd.

TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data



P.S.: check the libs against ssl using ldd /usr/lib/libldap.so

Best rgds.

Franz
____________________________________________________
Franz Skale
mainwork information technology AG
IT-Services
Tech Gate Vienna
Donaucitystrasse 1
A-1220 Wien
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
e-mail: f.skale@mainwork.com
Internet: http://www.mainwork.com


"Zamangoer, Ferruh" <ferruh.zamangoer@materna.de>
Sent by: owner-openldap-software@OpenLDAP.org
02.04.2002 17:30

To:      OpenLdap-Software@OpenLDAP.com, openssl-users@openssl.org
Cc:
Subject: OpenSSL + Java




Hi all,

I'm writing an application in Java, which allows the user to make a search
in an LDAP server. My problem is that I want to use a secure network
connection to communicate between the application and the LDAP server. I have
installed openssl, but I have not found an easy manual which describes what I
have to edit in the openssl.conf.
Can anybody help me??

thanks in advance for any help

Ferruh
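
The two checks from the reply at the top of this message (libldap linked against SSL, seen with ldd, and the server certificate's common name matching the host in the ldaps:// URI), as an added shell example that is not part of either message. The ldd and certificate subject lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# Succeeds if the ldd output on stdin lists libssl as a dependency.
# Real use: ldd /usr/lib/libldap.so | links_libssl
links_libssl() {
    grep -Eq '^[[:space:]]*libssl\.so[.0-9]*[[:space:]]+=>'
}

# Print the CN from one `openssl x509 -noout -subject` line. Handles both the
# older "/C=AT/CN=host" layout and the newer "C = AT, CN = host" layout.
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|^.*CN *= *\([^,/]*\).*$|\1|p' | sed 's/ *$//'
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Succeeds if the certificate CN equals the host part of the ldaps:// URI.
# DNS names compare case-insensitively; nothing else is normalised.
# Only the CN is checked, as in the post; subjectAltName is not examined.
cn_matches_uri() {   # $1 = subject line, $2 = ldaps:// URI
    host=${2#ldaps://}; host=${host%%/*}; host=${host%%:*}
    cn=$(subject_cn "$1")
    [ -n "$cn" ] && [ "$(lower "$cn")" = "$(lower "$host")" ]
}

# Constructed samples (library versions and addresses are made up).
LDD_WITH_SSL='  liblber.so.2 => /usr/lib/liblber.so.2 (0x40030000)
  libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x40050000)
  libc.so.6 => /lib/libc.so.6 (0x40150000)'
LDD_WITHOUT_SSL='  liblber.so.2 => /usr/lib/liblber.so.2 (0x40030000)
  libc.so.6 => /lib/libc.so.6 (0x40150000)'
SUBJECT_OLD='subject= /C=AT/O=Example/CN=server.domain'
SUBJECT_NEW='subject=C = AT, O = Example, CN = server.domain'
SUBJECT_MISMATCH='subject=C = AT, O = Example, CN = localhost'

if printf '%s\n' "$LDD_WITH_SSL" | links_libssl; then
    echo "sample 1: libldap is linked against libssl"
fi
if ! printf '%s\n' "$LDD_WITHOUT_SSL" | links_libssl; then
    echo "sample 2: no libssl dependency, rebuild with with-ssl"
fi
if cn_matches_uri "$SUBJECT_NEW" 'ldaps://server.domain/'; then
    echo "CN '$(subject_cn "$SUBJECT_NEW")' matches the URI host"
fi
if ! cn_matches_uri "$SUBJECT_MISMATCH" 'ldaps://server.domain/'; then
    echo "CN '$(subject_cn "$SUBJECT_MISMATCH")' does not match server.domain"
fi
```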