
Re: Only Openldap 2.1.x support TLS ?



Just out of curiosity, why do you enable LDBM and disable BDB? Is that for a
performance reason? Also, does Berkeley DB v3.1 already support LDBM?

Regards
Marc





"Marius Cabas" <marius_cabas@hotmail.com>
Sent by: owner-openldap-software@OpenLDAP.org
11/13/02 11:35 AM

To:      openldap-software@OpenLDAP.org
cc:
Subject: Re: Only Openldap 2.1.x support TLS ?




OpenLDAP via TLS/SSL:
=====================

1. download openldap v2.0.27
2. compile openldap using the following commands:
    > ./configure --enable-ldbm --disable-bdb --with-tls
    > make depend
    > make
    > make install
3. generate the certificate file using OpenSSL:
    > openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
4. edit the slapd.conf file to support TLS/SSL like below:
    add at the end of the file:
        TLSCertificateFile    /usr/local/etc/ldap/server.pem
        TLSCertificateKeyFile /usr/local/etc/ldap/server.pem
        TLSCACertificateFile  /usr/local/etc/ldap/server.pem
5. start the OpenLDAP listener like below:
    > ./slapd -h "ldap:/// ldaps:///"

Now, you have an OpenLDAP server that supports TLS/SSL.
You can use the Novell LDAP SDK (for example) to connect to the OpenLDAP
server using TLS/SSL. A small piece of code you will find below:

#include <ldap.h>      /* ldap_set_option, ldap_simple_bind_s, ldap_unbind_s */
#include <ldap_ssl.h>  /* Novell LDAP SDK: ldapssl_client_init, ldapssl_init, ... */

int SSLBind(void)
{
    int ret = -1;

    // using LDAP version 3 (NULL handle = process-wide default)
    int version = LDAP_VERSION3;
    ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);

    // initializes the SSL library
    if ((ret = ldapssl_client_init(NULL, NULL)) != LDAP_SUCCESS)
        return ret;

    // adds the server's self-signed certificate (PEM/base64 file) to the
    // list of trusted certificates; release the SSL library on failure
    if ((ret = ldapssl_add_trusted_cert("server.pem",
                                        LDAPSSL_CERT_FILETYPE_B64)) != LDAP_SUCCESS)
    {
        ldapssl_client_deinit();
        return ret;
    }

    // creates an LDAP session handle that is SSL enabled (ldaps, port 636)
    LDAP *ldap = ldapssl_init("localhost", 636, 1);
    if (ldap == NULL)
    {
        ldapssl_client_deinit();
        return -1;
    }

    // bind with current credentials (DN and password are the post's example)
    if ((ret = ldap_simple_bind_s(ldap, "cn=manager,o=vt", "start")) != LDAP_SUCCESS)
    {
        ldap_unbind_s(ldap);
        ldapssl_client_deinit();
        return ret;
    }

    // ret == LDAP_SUCCESS here; close the session and the SSL library
    ldap_unbind_s(ldap);
    ldapssl_client_deinit();
    return ret;
}

regards,

Marius
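An added check for the server-side part of the recipe above (this is example code written for this thread, not code from the post or from the OpenLDAP project). The post's openssl command writes the certificate and the unencrypted private key (because of -nodes) into the single file server.pem, and then points TLSCertificateFile, TLSCertificateKeyFile and TLSCACertificateFile at that same file, which is also why the client code trusts server.pem as its CA. So the one thing a practitioner wants to verify before starting slapd with ldaps:/// is that the file really contains both blocks and is not readable by anyone but slapd's user. The function names check_tls_pem and slapd_tls_directives are assumed for this example; the path /usr/local/etc/ldap/server.pem and the directive names come from the post.

```shell
#!/bin/sh
# Added example for the mailing-list recipe above; not from the post itself.
# Usage:  . ./tlscheck.sh; check_tls_pem /usr/local/etc/ldap/server.pem &&
#         slapd_tls_directives /usr/local/etc/ldap/server.pem >> slapd.conf

# check_tls_pem FILE
#   Returns 0 when FILE holds both a certificate block and a private key
#   block (the post's "openssl req -new -x509 -nodes -out server.pem
#   -keyout server.pem" puts both in one file) and when group/other have no
#   permission bits at all, because the key inside is unencrypted (-nodes).
#   Returns 1 and prints the reason on stderr otherwise.
check_tls_pem() {
    pem="$1"
    [ -f "$pem" ] || { echo "missing: $pem" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || {
        echo "no certificate block in $pem" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" || {
        echo "no private key block in $pem" >&2; return 1; }
    # columns 5-10 of "ls -l" are the group and other permission bits
    mode=$(ls -l "$pem" | cut -c5-10)
    case "$mode" in
        ------) ;;
        *) echo "$pem is accessible by group/other (bits: $mode); chmod 600 it" >&2
           return 1 ;;
    esac
    return 0
}

# slapd_tls_directives PEM_PATH
#   Prints the three slapd.conf lines from the post, all pointing at the
#   combined file: the self-signed certificate acts as its own CA.
slapd_tls_directives() {
    printf 'TLSCertificateFile    %s\n' "$1"
    printf 'TLSCertificateKeyFile %s\n' "$1"
    printf 'TLSCACertificateFile  %s\n' "$1"
}
```

Run check_tls_pem against the file from step 3 before step 4; if it complains about permissions, chmod 600 the file and make sure slapd runs as the user that owns it. If you later split the key out into its own file, only TLSCertificateKeyFile needs the restrictive mode; the certificate and CA files can stay world-readable.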