
RE: SSL Question: Is Everyone Ignorant or Just Non-responsive



Hi,

I've configured my OpenLDAP to work with SSL. I'm working on an application
made in BCPP using the latest NS SDK (version 5).

This is my init code:

   if ( CkbSSL->Checked==true)
   {
      /* NS SDK: open the cert/key database in this directory
         (second argument is reserved, NULL) */
      rc = ldapssl_client_init ("E:\\Dev\\DirNav4\\", NULL);
      if ( rc < 0 )
      {
...
      }

      /* third argument 1 = use SSL on this connection */
      if ( (p_tLdap = ldapssl_init( EdtAddress->Text.c_str(),
                                    atoi(EdtPort->Text.c_str()), 1 )) == NULL )
      {
...
      }
      /* no ldap_bind_s in this branch: the first search goes out without a bind */
   }
   else
   {
      p_tLdap = ldap_init (EdtAddress->Text.c_str(), atoi(EdtPort->Text.c_str()));
      if ( p_tLdap == NULL )
      {
...
      }

      /* Try to bind (simple bind, password in clear on the plain connection) */
      rc = ldap_bind_s (p_tLdap,
                        EdtUserId->Text.c_str(),
                        EdtUserPassword->Text.c_str(),
                        (int) LDAP_AUTH_SIMPLE) ;
      if ( rc != LDAP_SUCCESS )
      {
...
      }
   }

The first LDAP-call:

   char           *a_cAttrib[]     = {"namingContexts", NULL};

   /* Search for the ROOT DSE: empty base, base scope, match everything,
      attrsonly = 0 so the values come back too */
   rc = ldap_search_s (p_tLdap,
                       "",
                       LDAP_SCOPE_BASE,
                       "(objectClass=*)",
                       a_cAttrib,
                       0,
                       &p_tDnResult);
   switch (rc)
...

===> The init is OK!!! BUT it hangs on the first ldap_search_s()
What is wrong?

These are the debug messages:
Aug 17 01:25:05 linux slapd[403]: connection_get(10)
Aug 17 01:25:05 linux slapd[403]: connection_get(10): got connid=19
Aug 17 01:25:05 linux slapd[403]: connection_read(10): checking for input on id=19
Aug 17 01:25:05 linux slapd[403]: connection_get(10)
Aug 17 01:25:05 linux slapd[403]: connection_get(10): got connid=19
Aug 17 01:25:05 linux slapd[403]: connection_read(10): checking for input on id=19
Aug 17 01:25:05 linux slapd[403]: connection_get(10)
Aug 17 01:25:05 linux slapd[403]: connection_get(10): got connid=19
Aug 17 01:25:05 linux slapd[403]: connection_read(10): checking for input on id=19
Aug 17 01:25:05 linux slapd[404]: do_search
Aug 17 01:25:05 linux slapd[404]: SRCH "" 0 0
Aug 17 01:25:05 linux slapd[404]:     0 0 0
Aug 17 01:25:05 linux slapd[404]:     filter: (objectClass=*)
Aug 17 01:25:05 linux slapd[404]:     attrs:
Aug 17 01:25:05 linux slapd[404]:  namingContexts
Aug 17 01:25:05 linux slapd[404]:
Aug 17 01:25:05 linux slapd[404]: => send_search_entry: ""
Aug 17 01:25:05 linux slapd[403]: ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
Aug 17 01:25:05 linux slapd[404]: <= send_search_entry
Aug 17 01:25:05 linux slapd[404]: send_ldap_result: conn=19 op=0 p=3
Aug 17 01:25:05 linux slapd[404]: send_ldap_result: 0::
Aug 17 01:25:05 linux slapd[404]: send_ldap_response: msgid=1 tag=101 err=0
Aug 17 01:26:37 linux slapd[403]: connection_get(10)

Is there an OpenLDAP library (a DLL) which I could use instead of the NS
SDK?

Thanks,
Geert
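The request Geert's code sends (base "", base scope, filter (objectClass=*), attribute namingContexts) and the reply slapd logs as "msgid=1 tag=101 err=0" (101 = 0x65 is the SearchResultDone application tag), shown on the wire. This is an added example, not code from Geert, from the NS SDK or from OpenLDAP: a standard-library-only Python client that encodes that SearchRequest in BER, opens the ldaps session with the server certificate verified against a CA file, and decodes the messages that come back, so what either SDK does underneath can be checked independently of it. The host, port and CA-file arguments are placeholders, and sample_rootdse_response() is a constructed reply, not a capture.

```python
import socket
import ssl

def ber_len(n):                                       # length octets: short form < 128, else 0x8N + N bytes
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):                                # one tag-length-value element
    return bytes([tag]) + ber_len(len(content)) + content

def ber_int(value, tag=0x02):                         # INTEGER, or ENUMERATED with tag 0x0A; non-negative only
    return tlv(tag, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True))

def read_tlv(buf, pos=0):                             # -> (tag, content, end); ValueError if buf is truncated
    if len(buf) < pos + 2:
        raise ValueError("truncated")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if len(buf) < pos + length:
        raise ValueError("truncated")
    return tag, buf[pos:pos + length], pos + length

def read_seq(content):                                # children (tag, content) of a constructed element
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out

def build_rootdse_request(msgid=1, attrs=("namingContexts",)):
    """The search Geert's code issues: base "", scope baseObject, filter (objectClass=*)."""
    search = tlv(0x63,                                # [APPLICATION 3] SearchRequest
        tlv(0x04, b"")                                # baseObject "" = root DSE
        + ber_int(0, 0x0A) + ber_int(0, 0x0A)         # scope baseObject, neverDerefAliases
        + ber_int(0) + ber_int(0)                     # sizeLimit, timeLimit: unlimited
        + tlv(0x01, b"\x00")                          # typesOnly FALSE (attrsonly 0)
        + tlv(0x87, b"objectClass")                   # filter: present [7] objectClass
        + tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attrs)))
    return tlv(0x30, ber_int(msgid) + search)         # LDAPMessage { messageID, protocolOp }

def parse_message(data):
    """Decode one complete LDAPMessage into a dict."""
    tag, body, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    (_, raw_id), (optag, op) = read_seq(body)[:2]     # a third child, controls, is ignored
    msg = {"msgid": int.from_bytes(raw_id, "big", signed=True), "op": optag}
    if optag == 0x64:                                 # [APPLICATION 4] SearchResultEntry
        (_, dn), (_, attr_list) = read_seq(op)
        msg.update(op="searchResEntry", dn=dn.decode(), attrs={
            t.decode(): [v.decode() for _, v in read_seq(vals)]
            for (_, t), (_, vals) in (read_seq(pa) for _, pa in read_seq(attr_list))})
    elif optag == 0x65:                               # [APPLICATION 5] SearchResultDone = slapd's tag=101
        (_, code), (_, matched), (_, diag) = read_seq(op)[:3]
        msg.update(op="searchResDone", resultCode=int.from_bytes(code, "big"),
                   matchedDN=matched.decode(), diagnostic=diag.decode())
    return msg

def split_messages(buf):
    """Complete LDAPMessages at the front of buf -> (messages, unparsed remainder)."""
    msgs = []
    while buf:
        try:
            _, _, end = read_tlv(buf)
        except ValueError:                            # header or body not fully received yet
            break
        msgs.append(parse_message(buf[:end]))
        buf = buf[end:]
    return msgs, buf

def fetch_naming_contexts(host, port, cafile, timeout=10.0):
    """ldaps session verified against cafile (the CA that issued the server cert) and `host`."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED plus host-name/IP-SAN check
    with socket.create_connection((host, port), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(build_rootdse_request(msgid=1))   # no BindRequest: anonymous, like the SSL branch above
        buf, msgs = b"", []
        while not msgs or msgs[-1]["op"] != "searchResDone":
            chunk = tls.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the session before SearchResultDone")
            new, buf = split_messages(buf + chunk)
            msgs += new
    if msgs[-1]["resultCode"] != 0:
        raise RuntimeError("search failed: %r" % msgs[-1])
    entries = [m for m in msgs if m["op"] == "searchResEntry"]
    return entries[0]["attrs"].get("namingContexts", []) if entries else []

def sample_rootdse_response():
    """Constructed (not captured) reply to msgid 1: entry for "" + SearchResultDone(success)."""
    entry = tlv(0x64, tlv(0x04, b"") + tlv(0x30, tlv(0x30,
        tlv(0x04, b"namingContexts") + tlv(0x31, tlv(0x04, b"dc=example,dc=com")))))
    done = tlv(0x65, ber_int(0, 0x0A) + tlv(0x04, b"") + tlv(0x04, b""))
    return tlv(0x30, ber_int(1) + entry) + tlv(0x30, ber_int(1) + done)
```

Against a live server, `fetch_naming_contexts("10.0.0.5", 6636, "ca.pem")` (placeholder values) returns the naming contexts or raises: an `ssl.SSLCertVerificationError` if the chain does not lead to the CA in the file or the name/IP given as `host` is not in the certificate, a `ConnectionError` if the server closes without sending SearchResultDone, and a `RuntimeError` with the decoded result if slapd returns an error code. Connecting by IP address, as John's embedded app does, only works with verification on when the server certificate carries that IP as a subjectAltName. Because the session is encrypted, a packet capture shows nothing useful; decoding at the client end is how to confirm that the SearchResultDone slapd logged as sent actually arrived.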






-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Yoel Spotts
Sent: Wednesday 15 August 2001 17:34
To: John Luce
Cc: OpenLDAP-software@OpenLDAP.org
Subject: Re: SSL Question: Is Everyone Ignorant or Just Non-responsive


I can understand your frustration as I had to sweat it out as well.

Here's how I did it and it works like a charm.

In order to initialize the LDAP * struct, call ldap_initialize like this:

#include <stdio.h>
#include <ldap.h>

LDAP *ld;
int rc = ldap_initialize(&ld, "ldaps://youripaddress:yourport");
if (rc != LDAP_SUCCESS)                        /* e.g. unparsable URL or scheme */
    fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rc));

(check return value of course).

Now, you must have a file named ldap.conf. This must be located in the
directory you specified for the sysconfdir when you configured (I
believe it's /usr/local/etc or /usr/local/etc/openldap by default). You
need two directives:

TLS_CERT	{path to file containing the CA's cert that issued the server's
certificate, in PEM format}
TLS_RANDFILE	{path to random seed generator}

This works for us, hope this helps.

Yoel

John Luce wrote:
>
> I have asked this many times, as have many other folks, and have never seen a
> REAL answer to this:
>
> We are developing an app that will use an SSL connection to the LDAP Server.
>
> We are using Certificates.
>
> What is the EXACT sequence of calls to the LDAP Client Library to do this.
>
> What does NOT work is what is in the examples in ...../client/tools since
> those do not care about certificates.
>
> Also, since it is an embedded app, the LDAP URI is not usable as we use IP
> addresses only and non-default port numbers. Therefore "ldap_initialize()"
> is not usable.
>
> Has ANYONE done this successfully ? If so, what was the sequence of calls
> and what parameters were MANDATORY...
>
> I'll make a deal.. if I can get this up and running, I'll write a "How-To"
> for this...
>
> Thanks!
>
> John

--
Yoel Spotts			yoel@vasco.com
VASCO Data Security, Inc.	http://www.vasco.com
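The client-side file Yoel describes, written out as an added example that is not from his message or from the OpenLDAP project (the address, port and paths are placeholders). In OpenLDAP's ldap.conf(5) the CA bundle used to verify the server is TLS_CACERT; TLS_CERT and TLS_KEY name the client's own certificate and key, used only for client-certificate authentication; TLS_REQCERT decides what happens when verification fails, and an ldaps:// URL in URI takes a bare IP address and any port, which answers John's point about ldap_initialize(). The weak setting is shown, commented out, next to the one to ship:

```conf
# ldap.conf lives in the sysconfdir chosen at configure time
# (/usr/local/etc/openldap/ldap.conf for a default build)

# Default server; an IP address and a non-default port are fine in an LDAP URL
URI          ldaps://10.0.0.5:6636

# PEM file holding the CA certificate that issued the server's certificate;
# only chains ending in this CA are accepted
TLS_CACERT   /usr/local/etc/openldap/ca.pem

# WEAK: "never" skips verification, so any certificate an attacker presents
# is accepted and the session is encrypted but not authenticated
#TLS_REQCERT never

# Correct: refuse the session unless the server's chain verifies against TLS_CACERT
TLS_REQCERT  demand

# Only for client-certificate authentication; not needed to verify the server
#TLS_CERT    /usr/local/etc/openldap/client.pem
#TLS_KEY     /usr/local/etc/openldap/client.key

# Only needed on a system without /dev/urandom to seed OpenSSL from
#TLS_RANDFILE /var/run/egd-pool
```

The same settings can be supplied per process through the environment (LDAPURI, LDAPTLS_CACERT, LDAPTLS_REQCERT), which is convenient for a first check before touching application code: `ldapsearch -H ldaps://10.0.0.5:6636 -x -b "" -s base namingContexts` issues exactly the root DSE search from the thread, and with TLS_REQCERT demand it fails at the TLS handshake, before any LDAP traffic, if the CA file or the name in the certificate is wrong; `-d 1` on the command line prints the TLS negotiation when it does.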