Hi Team,
We are developing an LDAP client in our application. For this we are using the
OpenLDAP software.
One of our requirements is to support either LDAP or LDAPS (LDAP/TLS),
based on the end-user input at runtime.
So, in our application we should have support for both the LDAP and LDAPS APIs,
and we would be calling the LDAPS API (ldap_tls_start_s) based on this runtime
configuration; otherwise the normal LDAP API would be called.
ISSUE:
We are able to integrate OpenLDAP with our application and achieve the LDAP or
LDAP/TLS requirement separately.
Since the support for TLS in OpenLDAP is macro controlled (HAVE_TLS), it is
decided at compile time itself whether it is LDAP or LDAPS, and we are not able
to take this decision at run-time.
If we compile the OpenLDAP software with HAVE_TLS and use it for a normal
ldapsearch, this ldap command is seen in the trace as an LDAP message over SSL
without any encryption, but not as a normal LDAP message.
So, we understand that to achieve our requirement,
we would either be required to change the macro control of TLS to run-time
control in the OpenLDAP code (but we would prefer not to do this, for
maintainability reasons),
(or)
try to use two OpenLDAP libraries, one compiled with HAVE_TLS and another
without HAVE_TLS, and take care on the application side to call the respective
API without causing any symbol resolution issue.
Can you please suggest whether there is any other approach currently
available in OpenLDAP to support both LDAP and LDAP/TLS at the same time.
Regards,
G Gokul