Re: Only Openldap 2.1.x support TLS ?
There's no performance reason... just because I use a database support
(--enable-ldbm) but I haven't installed the Berkeley DB support
(--disable-bdb).
<marc.bigler@day.com> wrote in message
news:OFB14AA7CD.CBB485AD-ONC1256C70.0045757B@day.com...
>
> Just out of curiosity, why do you enable LDBM and disable BDB, is that a
> performance reason? Also does Berkeley DB v3.1 already support LDBM?
>
> Regards
> Marc
>
> "Marius Cabas" <marius_cabas@hotmail.com>
> Sent by: owner-openldap-software@OpenLDAP.org
> 11/13/02 11:35 AM
>
> To: openldap-software@OpenLDAP.org
> cc:
> Subject: Re: Only Openldap 2.1.x support TLS ?
>
> OpenLDAP via TLS/SSL:
> =====================
>
> 1. download openldap v2.0.27
> 2. compile openldap using the following commands:
> > ./configure --enable-ldbm --disable-bdb --with-tls
> > make depend
> > make
> > make install
> 3. generate the certificate file using OpenSSL:
> > openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
> 4. edit the slapd.conf file to support TLS/SSL like below:
> add at the end of the file:
> TLSCertificateFile /usr/local/etc/ldap/server.pem
> TLSCertificateKeyFile /usr/local/etc/ldap/server.pem
> TLSCACertificateFile /usr/local/etc/ldap/server.pem
> 5. start the OpenLDAP listener like below:
> > ./slapd -h "ldap:/// ldaps:///"
>
> Now, you have an OpenLDAP server that supports TLS/SSL.
> You can use the Novell LDAP SDK (for example) to connect to the OpenLDAP
> server using TLS/SSL. A small piece of code you will find below:
>
> #include <ldap.h>
> #include <ldap_ssl.h>   // ldapssl_* functions of the Novell LDAP SDK
>
> int SSLBind()
> {
>     int ret = -1;
>
>     // using LDAP version 3
>     int version = LDAP_VERSION3;
>     ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
>
>     // initializes the SSL library
>     if((ret = ldapssl_client_init(NULL, NULL)) != LDAP_SUCCESS)
>         return ret;
>
>     // adds certificates to the list of trusted certificates
>     if((ret = ldapssl_add_trusted_cert("server.pem",
>             LDAPSSL_CERT_FILETYPE_B64)) != LDAP_SUCCESS)
>     {
>         ldapssl_client_deinit();
>         return ret;
>     }
>
>     // creates an LDAP session handle that is SSL enabled
>     LDAP *ldap = ldapssl_init("localhost", 636, 1);
>     if(ldap == NULL)
>     {
>         ldapssl_client_deinit();
>         return -1;
>     }
>
>     // bind with current credentials
>     ret = ldap_simple_bind_s(ldap, "cn=manager,o=vt", "start");
>
>     // release the session handle and the SSL library on success and on failure
>     ldap_unbind_s(ldap);
>     ldapssl_client_deinit();
>     return ret;
> }
>
> regards,
>
> Marius
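
An added example, not part of the original posts: a POSIX shell audit of the slapd.conf layout from step 4, where the single server.pem written by step 3 (same file for -out and -keyout) serves as certificate, key and CA file and is also the file the client code loads as its trusted certificate. The function names, finding labels, file modes and sample files are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the TLS file layout of a slapd.conf.

# conf_value DIRECTIVE FILE: print the directive's path argument (last occurrence).
conf_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2; gsub(/"/, "", v) }
                   END { if (v != "") print v }' "$2"
}

# has_private_key FILE: succeed if the PEM file contains a private key block.
has_private_key() {
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" 2>/dev/null
}

# others_can_read FILE: succeed if group or other has the read bit set.
others_can_read() {
    case $(ls -ldL "$1" 2>/dev/null) in
        ????r*|???????r*) return 0 ;;
    esac
    return 1
}

# audit_slapd_tls FILE: print one finding per line, nothing if the layout is clean.
audit_slapd_tls() {
    a_cert=$(conf_value TLSCertificateFile "$1")
    a_key=$(conf_value TLSCertificateKeyFile "$1")
    a_ca=$(conf_value TLSCACertificateFile "$1")
    if [ -n "$a_cert" ] && has_private_key "$a_cert"; then echo "KEY_IN_CERT_FILE $a_cert"; fi
    if [ -n "$a_ca" ] && has_private_key "$a_ca"; then echo "KEY_IN_CA_FILE $a_ca"; fi
    if [ -n "$a_key" ] && others_can_read "$a_key"; then echo "KEY_READABLE_BY_OTHERS $a_key"; fi
    return 0
}

# make_sample DIR LAYOUT: write constructed sample files (marker lines only, no real key).
make_sample() {
    s_key='-----BEGIN PRIVATE KEY-----'; s_crt='-----BEGIN CERTIFICATE-----'
    if [ "$2" = combined ]; then   # layout from the post: one server.pem for everything
        printf '%s\n%s\n' "$s_key" "$s_crt" > "$1/server.pem"; chmod 644 "$1/server.pem"
        s_c=server.pem; s_k=server.pem; s_a=server.pem
    else                           # split layout: key in its own file, mode 600
        printf '%s\n' "$s_crt" > "$1/server.crt"; cp "$1/server.crt" "$1/ca.crt"
        printf '%s\n' "$s_key" > "$1/server.key"; chmod 600 "$1/server.key"
        s_c=server.crt; s_k=server.key; s_a=ca.crt
    fi
    printf 'TLSCertificateFile %s\nTLSCertificateKeyFile %s\nTLSCACertificateFile %s\n' \
        "$1/$s_c" "$1/$s_k" "$1/$s_a" > "$1/slapd.conf"
}

demo=$(mktemp -d) && make_sample "$demo" combined && audit_slapd_tls "$demo/slapd.conf"
rm -rf "$demo"
```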