Hi, OpenLDAP developers,
I have been able to successfully write a simple C program using the OpenLDAP C-SDK to establish a connection to a Microsoft Active Directory server over SSL.
In my test program, I call ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path) to set the path to a directory where all my CA Root certificates are.
OpenLDAP uses OpenSSL's format of certificate management: the trusted CA root certificates are no longer imported into a single file (aka the certificate store). OpenSSL hashes the certificate file (.pem format) and uses a symbolic link to point to the actual certificate .pem file.
Here's the content of my cert_path dir:
wud2@pleoski:[/emc/wud2/ldap_certdb]> ls -altr
-rw-r--r-- 1 wud2 dctmuser 1688 Sep 16 09:36 ldap112_rootca.pem
drwxr-xr-x 2 wud2 dctmuser 1024 Sep 16 09:37 ./
lrwxrwxrwx 1 wud2 dctmuser 18 Sep 16 10:11 e8332e5a.0 -> ldap112_rootca.pem
drwxr-xr-x 67 wud2 dctmuser 9216 Oct 14 14:04 ../
I am trying to write a Java LDAP client program using Novell's JLDAP to connect to a Microsoft Active Directory server over SSL. I would like to use my current cert_path (listed above) to establish the LDAP SSL connection in Java.
I found an example listed on the Novell site:
// Dynamically set JSSE as a security provider
// Dynamically set the property that JSSE uses to identify
// the keystore that holds trusted root certificates
As you can see, in this Java example the "path" value is expected to be a "keystore file that holds trusted root certificates".
But in my case, I only have a directory where the trusted root certificates are present. I don't have a single keystore file.
So, my question is: what is the Java equivalent of ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path)?
Any comments/input would be much appreciated.
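Added example (not part of the original post, and not code from the JLDAP project): JSSE has no directory-based trust option equivalent to LDAP_OPT_X_TLS_CACERTDIR, so the usual approach is to read every PEM file in the directory at startup, put the certificates into an in-memory KeyStore, build a TrustManagerFactory/SSLContext from it, and hand the resulting SSLSocketFactory to JLDAP through its LDAPJSSESecureSocketFactory(SSLSocketFactory) constructor. The hashed symlink names (e8332e5a.0) are only OpenSSL's lookup convention; Java reads the files by content, so the link and the file it points to are deduplicated below instead of being imported twice. The directory path defaults to the one shown in the post; the AD host name "ldap112.example.com" is an assumption for illustration.

```java
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPJSSESecureSocketFactory;

public class CaDirTrust {

    /** Load every X.509 certificate found in caDir (the LDAP_OPT_X_TLS_CACERTDIR directory)
     *  into an in-memory trust store. Non-certificate files are skipped, and a certificate
     *  reached twice (once via the .pem file, once via its hash symlink) is stored only once. */
    static KeyStore loadCaDir(Path caDir) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);                                   // empty store, never written to disk
        Set<X509Certificate> seen = new LinkedHashSet<>();     // Certificate.equals() compares DER encodings
        try (DirectoryStream<Path> files = Files.newDirectoryStream(caDir)) {
            for (Path p : files) {
                if (!Files.isRegularFile(p)) continue;         // follows symlinks, so e8332e5a.0 is read as well
                try (InputStream in = Files.newInputStream(p)) {
                    for (Certificate c : cf.generateCertificates(in)) {   // PEM may hold several certs
                        X509Certificate x = (X509Certificate) c;
                        if (!seen.add(x)) continue;            // same CA already loaded through another name
                        ts.setCertificateEntry("ca-" + seen.size(), x);
                    }
                } catch (CertificateException e) {
                    System.err.println("skipping " + p + ": " + e.getMessage());
                }
            }
        }
        if (seen.isEmpty()) throw new CertificateException("no CA certificates found in " + caDir);
        return ts;
    }

    /** Build an SSLSocketFactory that trusts exactly the CAs in the given store (not the JDK cacerts). */
    static SSLSocketFactory socketFactoryFor(KeyStore ts) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);          // no client certificate, default SecureRandom
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        Path caDir = Paths.get(args.length > 0 ? args[0] : "/emc/wud2/ldap_certdb");
        String host = args.length > 1 ? args[1] : "ldap112.example.com";   // assumed AD host name
        KeyStore ts = loadCaDir(caDir);
        LDAPConnection conn = new LDAPConnection(new LDAPJSSESecureSocketFactory(socketFactoryFor(ts)));
        conn.connect(host, 636);                                // LDAPS; the handshake fails if the chain is untrusted
        System.out.println("TLS connection to " + host + ":636 established, " + ts.size() + " trusted CA(s)");
        conn.disconnect();
    }
}
```

Two caveats for anyone using this: the trust manager above checks that the server's chain ends in one of the directory's CAs, but a bare SSLSocketFactory does not by itself verify that the certificate's subject or SAN matches the host you connected to, so hostname verification has to be added separately (for example by wrapping the factory and setting the endpoint identification algorithm on each socket) or the directory must contain only CAs you would accept for any host. And because the directory is read once at startup, adding a new CA file (or running c_rehash) has no effect on a running JVM until the store is rebuilt.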