Hi, OpenLDAP developers,
I have been able to successfully write a simple C program using the OpenLDAP C-SDK to establish connection to Microsoft Active Directory Server over SSL.
In my test program, I call ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path) to set the path to a directory where all my CA Root certificates are.
OpenLDAP uses OpenSSL format of certificate management, the trusted CA Root Certificates are no longer imported into a single file (aka the certificate store). OpenSSL hashes the certificate file (.pem format), and uses symbolic link to link to the actual certificate.pem file.
Here’s content of my cert_path dir:
wud2@pleoski:[/emc/wud2/ldap_certdb]> ls -altr
total 80
-rw-r--r-- 1 wud2 dctmuser 1688 Sep 16 09:36 ldap112_rootca.pem
drwxr-xr-x 2 wud2 dctmuser 1024 Sep 16 09:37 ./
lrwxrwxrwx 1 wud2 dctmuser 18 Sep 16 10:11 e8332e5a.0 -> ldap112_rootca.pem
drwxr-xr-x 67 wud2 dctmuser 9216 Oct 14 14:04 ../
I am trying to write a Java LDAP client program using Novell’s JLDAP to connect to Microsoft Active Directory server, over SSL. I would like to use my current cert_path (listed above) to establish LDAP SSL connection, in Java.
I found an example listed on the Novell site:
http://developer.novell.com/documentation/samplecode/jldap_sample/security/SSLConnection.java.html
// Dynamically set JSSE as a security provider
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
// Dynamically set the property that JSSE uses to identify
// the keystore that holds trusted root certificates
System.setProperty("javax.net.ssl.trustStore", path);
As you can see, in this Java example, the “path” value is expected to be “keystore file that holds trusted root certificates”.
But in my case, I only have a directory where trusted root certificates are present. I don’t exactly have a single keystore file.
So, my questions is, what is the Java equivalent for ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path)?
Any comments/input would be much appreciated.
Thanks.
Daisy