[Date Prev][Date Next] [Chronological] [Thread] [Top]

Antwort: How to secure LDAP ? SSL support ?

If you develop a client under linux with C, you only have to compile slapd
against openssl (--with-tls).
Make a certificate like shown in the INSTALL.

Use the uri to connect to the server when using ldap_simple_bind_s , like:
The key must have the common name of the fqdn of the server, in other words
the server.domain has to be listed in the hosts file or in the nameserver.
The all will work perfectly.
My client uses the the simple_bind_s with the ldaps uri.

Code snip:

LDAP *ld;
LDAPMessage *result, *e;
BerElement *ber;
char *a;
char *my_searchbase = "dc=sample,dc=org";
char *my_filter = "";
int rc,version;
char *server = "ldaps://ldap.sample.org/";
int arg = LDAP_OPT_X_TLS_HARD;

       rc = ldap_initialize(&ld, server);
        if (rc != LDAP_SUCCESS) {
                exit (2);

        if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS, &arg) != LDAP_SUCCESS
)) {
              ldap_perror( ld, "ldap_set_option" );

        if (ldap_get_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)  ==
          if (version < LDAP_VERSION3)
              version = LDAP_VERSION3;
              (void) ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION,

        rc = ldap_simple_bind_s(ld, "uid=test,ou=People,dc=sample,dc=org",
        if (rc != LDAP_SUCCESS) {
                exit (2);


Franz Skale
mainwork information technology AG
Tech Gate Vienna
Donaucitystrasse 1
A-1220 Wien
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
e-mail: f.skale@mainwork.com
Internet: http://www.mainwork.com

                    "Yves Robin"                                                                                                 
                    <yves@reefedge.com>               An:     "Mailing list OpenLdap" <openldap-software@OpenLDAP.org>           
                    Gesendet von:                     Kopie:                                                                     
                    owner-openldap-software@Op        Thema:  How to secure LDAP ? SSL support ?                                 
                    30.04.2002 11:41                                                                                             


I am looking for securing LDAP transferts between our client application
existing LDAP servers that already have support for SSL. And i would
appreciate to re-use existing code or libraries...

Is there any built-in client function in Openldap 2.0.x to easily open and
negociate a SSL session with the servers ? Or some code example ? I didn't
see any in the FAQ...

Thanks for help.

Yves Robin