Re: Another question about LDAP over SSL

[Chris Jacobs <Chris.Jacobs@apollogrp.edu>]

This really is a basic 'cert' issue.

There's a ton of non-openldap coverage of this topic (self-signed and CA purchased certs).

In a nutshell, you'll need to provide a way for your customer's to use a cert of their choosing, and let them sort out how to get their clients to trust the signer of that cert.

- chris

Chris Jacobs, Systems Administrator
Apollo Group | Apollo Marketing | Aptimus
2001 6th Ave Ste 3200 | Seattle, WA 98121
phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661
email: chris.jacobs@apollogrp.edu

---

From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Sent: Mon Jul 12 19:20:58 2010
Subject: Another question about LDAP over SSL

Hi everyone.  I have another "duh" question.

 

I am writing software for a proprietary piece of hardware.  I will be using the C libraries for openldap.  I need to write some functions for LDAP so that the UI of the software has the option to authenticate a user via LDAP and LDAP over SSL.  Basically it will just act like a client that will Simple Bind to the LDAP server for authentication.

 

I read the document here.  http://www.openldap.org/faq/data/cache/185.html

 

I followed the instructions on the website to generate the SSL certs.

 

My question is, on the website above it says....

 

"You must also install a copy of the CA certificate on all of your client machines. Configuration is done in /usr/local/etc/openldap/ldap.conf:"

 

Does this mean I need to provide a way to the customer to manually transfer his/her CA cert the proprietary hardware, if they want to use LDAP over SSL???  Or when I use the Start TLS function, do the certs automatically get transfered behind the scene?

 

thanks

---

This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.