[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openLDAP and SSL client/server certs

To: Bryan Boone <v_1bboon@yahoo.com>
Subject: Re: openLDAP and SSL client/server certs
From: Dan White <dwhite@olp.net>
Date: Mon, 26 Jul 2010 22:21:15 -0500
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <548895.7749.qm@web65513.mail.ac4.yahoo.com>
References: <548895.7749.qm@web65513.mail.ac4.yahoo.com>
User-agent: Mutt/1.5.18 (2008-05-17)

On 26/07/10 15:20 -0700, Bryan Boone wrote:

Hi everyone.  I am trying to develop an ldap client that uses SSL.

I read in the documentation on the openldap website this...
You must also install a copy of the CA certificate on all of your clientmachines. Configuration is done in /usr/local/etc/openldap/ldap.conf:TLS_CACERT /usr/local/etc/openldap/cacert.pemDoes this mean that the function ldap_start_tls_s()performs mutual SSLauthentication???


See chapter 16 of the OpenLDAP Administrator's Guide, specifically
TLSVerifyClient and TLS_CERT.

If I want to achieve server side authentication, does that mean I will have touse the openSSL libraries to get the server cert prior to using theldap_start_tls_s() function???


No. I don't believe you'll need to directly call any SSL libraries to
make use of it.

--
Dan White

References:
- openLDAP and SSL client/server certs
  - From: Bryan Boone <v_1bboon@yahoo.com>

Prev by Date: Re: "objectClass: olcBdbConfig" causes "ldap_add: Invalid syntax" error
Next by Date: Re: "objectClass: olcBdbConfig" causes "ldap_add: Invalid syntax" error
Index(es):
- Chronological
- Thread