Hallvard B Furuseth wrote:
Roberto Aguilar writes:
Setting TLS_CACERT to the server's CA certificate allows the connection to go through, but that is not feasible as I need to connect to servers with different CAs.
I tried looking through ldapsearch.c to find the secret sauce to get this to work, but was not successful. Can someone point me in the right direction?
libldap handles it for ldapsearch. If you mean you want to set the CA cert by hand in the program, use

    rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, "<CA cert filename>");
Also, as noted in the Admin Guide, you can place multiple CA certs in a single file, and you typically need to do this on clients anyway.
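
Added example, not part of the original thread or of OpenLDAP: one way to build the single multi-CA file described above, so that one TLS_CACERT / LDAP_OPT_X_TLS_CACERTFILE value covers servers signed by different CAs. The helper names, the paths in the usage comment and the sample certificate bodies are assumptions; the check is structural only (paired BEGIN/END markers) and does not validate the certificates themselves.

```shell
#!/bin/sh
# Hypothetical helpers (not OpenLDAP code): merge several PEM CA files into one bundle.

# Print the number of complete certificate blocks in PEM file $1.
# Returns non-zero if a marker is unpaired or the file holds no certificate.
count_pem_certs() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { if (inblk) bad = 1; inblk = 1; next }
        /^-----END CERTIFICATE-----/   { if (!inblk) bad = 1; inblk = 0; n++; next }
        END { if (bad || inblk || n == 0) exit 1; print n }
    ' "$1"
}

# build_ca_bundle OUT IN...
# Copies only the certificate blocks of each input into OUT and prints the total.
# OUT is not created or replaced if any input is missing or malformed.
build_ca_bundle() {
    out=$1; shift
    tmp="$out.tmp.$$"
    total=0
    : > "$tmp" || return 1
    for f in "$@"; do
        n=$(count_pem_certs "$f") || { rm -f "$tmp"; echo "rejected: $f" >&2; return 1; }
        # Keep the BEGIN..END blocks, drop any descriptive text around them.
        awk '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/' "$f" >> "$tmp"
        total=$((total + n))
    done
    mv "$tmp" "$out" && echo "$total"
}

# Constructed sample input: placeholder bodies, not real certificates.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'subject=Example CA 1' '-----BEGIN CERTIFICATE-----' \
        'QUFBQQ==' '-----END CERTIFICATE-----' > "$d/ca1.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QkJCQg==' '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' 'Q0NDQw==' '-----END CERTIFICATE-----' > "$d/ca2.pem"
    build_ca_bundle "$d/bundle.pem" "$d/ca1.pem" "$d/ca2.pem"   # prints 3
    rc=$?
    rm -rf "$d"
    return $rc
}

# Usage (paths are placeholders):
#   build_ca_bundle /path/to/ca-bundle.pem corp-ca.pem partner-ca.pem
#   ldap.conf:   TLS_CACERT /path/to/ca-bundle.pem
#   in code:     ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, "/path/to/ca-bundle.pem");
```

Every CA placed in the bundle becomes a trust anchor for every connection that uses it, so include only the CAs of servers the client actually needs to reach.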