Re: More SASL/SSL questions.
Ben Bargabus wrote:
> I'm still a bit confused about SASL and SSL from a client programming
> perspective (and the almost complete lack of documentation doesn't help
>
> 1. Does a SASL bind produce an encrypted session for any communication
> that follows the authentication or does it just encrypt the bindDN and

In general, what SASL does is left to the SASL documentation. To answer
your question, if a particular SASL mechanism supports session
encryption then OpenLDAP will use that feature by default. You can set
the SASL security properties to disable these mechanisms if you want.

> 2. Is there ANY documentation for ldap_sasl_bind_s() that describes its
> arguments and return value?

The arguments and return values are spelled out in the source code. In
general, this function is not what you want though, you should be using
ldap_sasl_interactive_bind_s() instead because it handles all the
interactions with the SASL library and it's a pain to manage that yourself.

> 3. Is there ANY documentation for ldap_initialize()? Particularly I'm
> wondering how to use it to create an SSL session (is it as simple as
> ldap_initialize(&ld, "ldaps://myserver.com:636")). Is there a better
> way to create an SSL session?

Yes, it's as simple as that.

> 4. If the answer to 2 and/or 3 is no can someone please explain them?

When you're writing your own LDAP client for the first time, it's often
easiest to use existing code as an example. In this case, you should be
looking at the code in clients/tools as a canonical example of how to do
just about everything.

-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
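
As an added example (not part of the original message, and not code from the OpenLDAP project): the SASL security properties mentioned in the reply, and certificate checking for an ldaps:// URI, can be set as client defaults in ldap.conf, which libldap-based programs read at start-up. The host name and CA file path are placeholders.

```conf
# Added example. ldap.example.com and the CA path are placeholders.

# Default server for libldap clients. An ldaps:// URI means TLS is
# started on connect, the same form the thread passes to
# ldap_initialize().
URI             ldaps://ldap.example.com:636

# Weak: the client does not request or check a server certificate, so
# the session is encrypted but the server's identity is unverified.
#TLS_REQCERT    never
# Hardened: terminate the session if no certificate, or a bad one, is
# presented. Verification uses the CA file named below.
TLS_REQCERT     demand
TLS_CACERT      /etc/ssl/certs/example-ca.pem

# SASL security properties. minssf/maxssf bound the security strength
# factor (SSF): 0 = no protection, 1 = integrity only, larger values
# approximate the effective encryption key length.

# Weak: maxssf=0 switches SASL security layers off, so a mechanism
# that could protect the session after the bind will not do so.
#SASL_SECPROPS  noanonymous,noplain,maxssf=0
# Hardened: keep the default noanonymous,noplain flags and refuse any
# bind that cannot reach an SSF of at least 128.
SASL_SECPROPS   noanonymous,noplain,minssf=128
```

A client can apply the same property string to a single handle with ldap_set_option() and LDAP_OPT_X_SASL_SECPROPS before binding, and read the negotiated strength afterwards with ldap_get_option() and LDAP_OPT_X_SASL_SSF.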