[Date Prev][Date Next] [Chronological] [Thread] [Top]

Antwort: Re: How to secure LDAP ? SSL support ?

Use ldap_initialize to use the uri format to connect.
Use the tls_option_hard to use ssl.
That's all for a working ssl connection.

P.S.: libldap2 has to be configured with --with-tls.
          On slapd the certificate's common name must be the same like the
fqdn of the slpad host.

Code Snip:

char *server = "ldaps://test.test.com/";
int arg = LDAP_OPT_X_TLS_HARD;

if (argc < 2  || argc > 3)

        parse_args(argc, argv);

        my_filter = (char *)malloc(MAXQUERYSIZE);

        rc = ldap_initialize(&ld, server);
        if (rc != LDAP_SUCCESS) {
                exit (2);

        if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS, &arg) != LDAP_SUCCESS
)) {
              ldap_perror( ld, "ldap_set_option" );


Franz Skale
mainwork information technology AG
Tech Gate Vienna
Donaucitystrasse 1
A-1220 Wien
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
e-mail: f.skale@mainwork.com
Internet: http://www.mainwork.com

                    Turbo Fredriksson                                                                                           
                    <turbo@bayour.com>                An:     <openldap-software@OpenLDAP.org>                                  
                    Gesendet von:                     Kopie:                                                                    
                    owner-openldap-software@Op        Thema:  Re: How to secure LDAP ? SSL support ?                            
                    16.05.2002 13:59                                                                                            

>>>>> "Yves" == Yves Robin <yves@reefedge.com> writes:

    Yves> Do i have to explicitally call the SSL library from my LDAP
    Yves> client to open a SSL session ?  Do i have to call it before
    Yves> the ldap_init() ?

It was about six months since I did this for QmailLDAP/Controls, but
I 'copied' (almost straight of :) the code from 'ldapsearch'.

'Trust the source Yves' :)