[Date Prev][Date Next]
Re: SASL/EXTERNAL Mechanism Help
First off, I want to thank Kurt for his reply. I just have a couple
clarifications to request.....
On Sat, 28 Jul 2001, Kurt D. Zeilenga wrote:
> >supported SASL mechanism. running
> > ldapsearch -x -s base -b "" -ZZ supportedsaslmechanisms
> >supportedSASLMechanisms: LOGIN
> >supportedSASLMechanisms: PLAIN
> >supportedSASLMechanisms: DIGEST-MD5
> >supportedSASLMechanisms: CRAM-MD5
> >but no EXTERNAL mechanism.
> Yes, it's not available unless the client has asserted
> its identity using a certificate.
Does anyone have any examples of client code that send a certificae to the
server ? I am not quite sure how to test this out. Also, I was wondering
if anyone on the list had any success using client certificates for
authentication purposes ?
Any tips on how to start, what to read, etc would be greatly
> >2) I have gotten my application to talk over the TLS link to the slapd
> >server (thanks to looking at the tools/ldap*.c code), and things are
> >working good, but I really require someway to know that the LDAP server my
> >application is talking to is trusted. Basically I would like a way to
> >verify the certificate the slapd serevr is providing to my client app. Is
> >there a way to get the information about the server certificate using the
> >LDAP library ? the OpenSSL library ?
> If the servers is listening on ldaps://, you can use OpenSSL's
> builtin client to view the server's certificate.
Would that be the openSSL s_client mode ? I am looking for a way
to verify that the LDAP server my client application connects to is the
server that the client trusts. Has anyone written a client using the LDAP
library that does this ? It would be best if there was someway that I
could get the certificate information in my client (like Netscape does) so
that I can compare it to a list of known certificates. I noticed that
when running the ldap* tools in -Z mode (TLS enabled) with debugging set
high, I see parts of the certificate in the debug information - does the
LDAP server send the certificate to the client ? Is there anyway for me
to get access to this information ?
Thanks in advance
4B CS University of Waterloo