
Re: More SASL/SSL questions.



At 05:52 PM 6/11/2004, Ben Bargabus wrote:
>Hello,
>I'm still a bit confused about SASL and SSL from a client programming
>perspective (and the almost complete lack of documentation doesn't help
>much).
>
>1. Does a SASL bind produce an encrypted session for any communication
>that follows the authentication or does it just encrypt the bindDN and
>credentials?

It may (in either case), but not necessarily.  Also note that
TLS (SSL) may, but not necessarily, provide encryption.

>2. Is there ANY documentation for ldap_sasl_bind_s() that describes its
>arguments and return value?

See doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt and,
of course, the code.

>3. Is there ANY documentation for ldap_initialize()? 

Just code.

>Particularly I'm
>wondering how to use it to create an SSL session (is it as simple as
>ldap_initialize(&ld, "ldaps://myserver.com:636")).  Is there a better
>way to create an SSL session?

That requests creation of a "secure" LDAP session protected
by TLS (SSL).  (I use the term protected loosely here
as TLS (SSL) may actually not offer any protection.)

Kurt