[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL Question: Is Everyone Ignorant or Just Non-responsive

I can understand your frustration as I had to sweat it out as well.

Here's how I did it and it works like a charm. 

in order to initialize the LDAP * struct call ldap_initialize like this:

LDAP *ld;
char ldapurl[256];

ldap_initialize(&ld, "ldaps://youripaddress:yourport");

(check return value of course).

Now, you must have a file name ldap.conf. This must be located in the
directory you specified for the sysconfdir when you configured (I
believe its /usr/local/etc or /usr/local/etc/openldap by default). You
need two directives

TLS_CERT	{path to file containing CA's cert that issued server's
certificate in pem format}
TLS_RANDFILE	{path to random seed generator}

This works for us, hope this helps.


John Luce wrote:
> I have asked this many times as have many other folks and have never seen a
> REAL answer to this:
> We are developing an app that will use an SSL connection to the LDAP Server.
> We are using Certificates.
> What is the EXACT sequence of calls to the LDAP Client Library to do this.
> What does NOT work is what is in the examples in ...../client/tools since
> those do not care about certificates.
> Also, since it is an embedded app, the LDAP URI is not usable as we use IP
> addresses only and non-default port numbers. Therefore "ldap_initialize()"
> is not usable.
> Has ANYONE done this successfully ? If so, what was the sequence of calls
> and what parameters were MANDATORY...
> I'll make a deal.. if I can get this up and running, I'll write a "How-To"
> for this...
> Thanks!
> John

Yoel Spotts			yoel@vasco.com
VASCO Data Security, Inc.	http://www.vasco.com