[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: More SASL/SSL questions.

Ben Bargabus wrote:

I'm still a bit confused about SASL and SSL from a client programming
perspective (and the almost complete lack of documentation doesn't help

1. Does a SASL bind produce an encrypted session for any communication
that follows the authentication or does it just encrypt the bindDN and

In general, what SASL does is left to the SASL documentation. To answer your question, if a particular SASL mechanism supports session encryption then OpenLDAP will use that feature by default. You can set the SASL security properties to disable these mechanisms if you want.

2. Is there ANY documentation for ldap_sasl_bind_s() that describes its
arguments and return value?

The arguments and return values are spelled out in the source code. In general, this function is not what you want though, you should be using ldap_sasl_interactive_bind_s() instead because it handles all the interactions with the SASL library and it's a pain to manage that yourself.

3. Is there ANY documentation for ldap_initialize()?  Particularly I'm
wondering how to use it to create an SSL session (is it as simple as
ldap_initialize(&ld, "ldaps://myserver.com:636")).  Is there a better
way to create an SSL session?

Yes, it's as simple as that.

4. If the answer to 2 and/or 3 is no can someone please explain them?

When you're writing your own LDAP client for the first time, it's often easiest to use existing code as an example. In this case, you should be looking at the code in clients/tools as a canonical example of how to do just about everything.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support