
Re: LDAP SSL APIs



At 11:15 PM 2/3/2005, Jothiram Selvam wrote:
>Hi Kurt,
>
>Thanks.
>
>I am a newbie.. I have many questions.. I have been searching the
>net.. But I'm not able to get answers for my questions..
>
>Please excuse me, if I'm asking some silly questions..
>
>1. For SSL Encryption what is the function available.. Is the
>ldap_initialize function alone enough for establishing an SSL Encrypted
>connection??

If you want to use the standard mechanism for installing
TLS (SSL), you want to use ldap_start_tls_s(3).  If you
want to use the non-standard ldaps approach, just pass an
ldaps URL to ldap_initialize(3).

>Is the cacertificate needed for this, Should I be
>specifying the location of the cacertificate.. If yes, how to specify
>it in my code.. I mean what function should I be using for this..

You can either just rely on ldap.conf(5) to provide these
values (as ldapsearch(1) and friends do), or you can use
ldap_set_option(3).

>2. For SSL Authentication in LDAPv3, we have to use SASL EXTERNAL
>mechanism.. How could I specify the location of the certificates'
>location in my code..??

Same as in 1.

>What are the other things that I should
>provide for successful EXTERNAL authentication..

Some might argue that you should check to see if EXTERNAL is
published as an available mechanism before using it... but
the check is actually quite pointless.

Kurt


>TIA
>
>Jothiram S
>
>
>
>
>On Thu, 03 Feb 2005 10:42:59 -0800, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
>> At 11:32 PM 2/2/2005, Jothiram Selvam wrote:
>> >Are there any sample codes for SSL Authentication and Encryption that
>> >uses OpenLDAP Libraries.
>> 
>> clients/tools/ldap*.c
>> 
>> Kurt
>> 
>>