[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: More SASL/SSL questions.

At 05:52 PM 6/11/2004, Ben Bargabus wrote:
>I'm still a bit confused about SASL and SSL from a client programming
>perspective (and the almost complete lack of documentation doesn't help
>1. Does a SASL bind produce an encrypted session for any communication
>that follows the authentication or does it just encrypt the bindDN and

It may (in either case), but not necessarily.  Also note that
TLS (SSL) may, but not necessarily, provide encryption.

>2. Is there ANY documentation for ldap_sasl_bind_s() that describes its
>arguments and return value?

See doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt and,
of course, the code.

>3. Is there ANY documentation for ldap_initialize()? 

Just code.

>Particularly I'm
>wondering how to use it to create an SSL session (is it as simple as
>ldap_initialize(&ld, "ldaps://myserver.com:636")).  Is there a better
>way to create an SSL session?

That requests create a "secure" LDAP session protected
by TLS (SSL).  (I use the term protected loosely here
as TLS (SSL) may actually not offer any protection.)