Hi, OpenLDAP developers,

 

I have been able to successfully write a simple C program using the OpenLDAP C-SDK to establish connection to Microsoft Active Directory Server over SSL.

 

In my test program, I call ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path) to set the path to a directory where all my CA Root certificates are.

 

OpenLDAP uses OpenSSL format of certificate management, the trusted CA Root Certificates are no longer imported into a single file (aka the certificate store).  OpenSSL hashes the certificate file (.pem format), and uses symbolic link to link to the actual certificate.pem file.

 

Here’s content of my cert_path dir:

 

wud2@pleoski:[/emc/wud2/ldap_certdb]> ls -altr

total 80

-rw-r--r--   1 wud2     dctmuser    1688 Sep 16 09:36 ldap112_rootca.pem

drwxr-xr-x   2 wud2     dctmuser    1024 Sep 16 09:37 ./

lrwxrwxrwx   1 wud2     dctmuser      18 Sep 16 10:11 e8332e5a.0 -> ldap112_rootca.pem

drwxr-xr-x  67 wud2     dctmuser    9216 Oct 14 14:04 ../

 

 

I am trying to write a Java LDAP client program using Novell’s JLDAP to connect to Microsoft Active Directory server, over SSL.  I would like to use my current cert_path (listed above) to establish LDAP SSL connection, in Java.

 

I found an example listed on the Novell site:

http://developer.novell.com/documentation/samplecode/jldap_sample/security/SSLConnection.java.html

 

           // Dynamically set JSSE as a security provider

 

            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

 

 

 

           // Dynamically set the property that JSSE uses to identify

 

           // the keystore that holds trusted root certificates

 

            System.setProperty("javax.net.ssl.trustStore", path);

 

 

 

 

As you can see, in this Java example, the “path” value is expected to be “keystore file that holds trusted root certificates”.

 

But in my case, I only have a directory where trusted root certificates are present.  I don’t exactly have a single keystore file.

 

So, my questions is, what is the Java equivalent for ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path)?

 

Any comments/input would be much appreciated.

 

Thanks.

 

Daisy