Another question about LDAP over SSL

To: openldap-technical@openldap.org

Subject: Another question about LDAP over SSL

From: Bryan Boone <v_1bboon@yahoo.com>

Date: Mon, 12 Jul 2010 19:20:58 -0700 (PDT)

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1278987658; bh=M6b+gKn0+h+wf0hkOIvU/SPno0YodpnpRlBQWFc30gk=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=0Zq3B2Ng0nxQ32YvbIsVA67IgBaLOin+KuMQB/8JSTUaIP19ulUaFAceGZm2Kw0+Mci0gL9ChbvAPe2x+crtVI2/8IPQB2NRLD20Woo141vBv82h8WgMpKe5WGdDoPZWWwDr7iAxiXgCJV7twsWxS2MmKozWj+rxhMqJGtVVliQ=

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=jb/8WFpwBQmfjDqT1+6iHn0Pv+9QX0tk95zCRiBPzq8qC931SaimU7lJJeSNGpWLxRX+XbOcNbptyHJVHiPzEcC4ta2IUn4suovx5Rc7SYnY3i5AD46O0VYo1Pj14Zt8njCiOI5itI6EpPNiMWN3IGB6BRE7fGg99hU/dU+aGJs=;

Hi everyone. I have another "duh" question.

I am writing software for a proprietary piece of hardware. I will be using the C libraries for openldap. I need to write some functions for LDAP so that the UI of the software has the option to authenticate a user via LDAP and LDAP over SSL. Basically it will just act like a client that will Simple Bind to the LDAP server for authentication.

I read the document here. http://www.openldap.org/faq/data/cache/185.html

I followed the instructions on the website to generate the SSL certs.

My question is, on the website above it says....

"You must also install a copy of the CA certificate on all of your client machines. Configuration is done in /usr/local/etc/openldap/ldap.conf:"

Does this mean I need to provide a way to the customer to manually transfer his/her CA cert the proprietary hardware, if they want to use LDAP over SSL??? Or when I use the Start TLS function, do the certs automatically get transfered behind the scene?

thanks

Follow-Ups:

Re: Another question about LDAP over SSL
- From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>