Aaron Richton wrote:
> On Fri, 2 Aug 2013, pramod kulkarni wrote:
>
>> Hi, I need information on how to configure OpenLDAP server in the slapd.conf
>> to look for certificates from Windows certificate store?
>> Currently I am using certificates from file in a path.
>>
>> Waiting for your inputs.
>
> In libraries/libldap you'll find
>
> tls_g.c tls_m.c tls_o.c
>
> which are for GnuTLS, MozNSS, and OpenSSL respectively. I'd imagine that the
> Right Thing would be to make a new file here, that utilizes the Windows crypto
> APIs (therefore accessing the Windows certificate stores).

You're talking about implementing a wrapper around Windows' schannel DLL which
in turn uses CAPI key stores.

Another also rather hypothetical approach:
I vaguely remember that someone wrote a PKCS#11 provider for accessing CAPI
keystore which could be used in libnss and therefore in OpenLDAP (tls_m.c).
It would be a lot of work to get that going - something for adventurers with
lots of spare time. ;-}
Ciao, Michael.