Hi, OpenLDAP developers,


I have been able to successfully write a simple C program using the OpenLDAP C-SDK to establish connection to Microsoft Active Directory Server over SSL.


In my test program, I call ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path) to set the path to a directory where all my CA Root certificates are.


OpenLDAP uses OpenSSL format of certificate management, the trusted CA Root Certificates are no longer imported into a single file (aka the certificate store).  OpenSSL hashes the certificate file (.pem format), and uses symbolic link to link to the actual certificate.pem file.


Here’s content of my cert_path dir:


wud2@pleoski:[/emc/wud2/ldap_certdb]> ls -altr

total 80

-rw-r--r--   1 wud2     dctmuser    1688 Sep 16 09:36 ldap112_rootca.pem

drwxr-xr-x   2 wud2     dctmuser    1024 Sep 16 09:37 ./

lrwxrwxrwx   1 wud2     dctmuser      18 Sep 16 10:11 e8332e5a.0 -> ldap112_rootca.pem

drwxr-xr-x  67 wud2     dctmuser    9216 Oct 14 14:04 ../



I am trying to write a Java LDAP client program using Novell’s JLDAP to connect to Microsoft Active Directory server, over SSL.  I would like to use my current cert_path (listed above) to establish LDAP SSL connection, in Java.


I found an example listed on the Novell site:



           // Dynamically set JSSE as a security provider


            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());




           // Dynamically set the property that JSSE uses to identify


           // the keystore that holds trusted root certificates


            System.setProperty("javax.net.ssl.trustStore", path);





As you can see, in this Java example, the “path” value is expected to be “keystore file that holds trusted root certificates”.


But in my case, I only have a directory where trusted root certificates are present.  I don’t exactly have a single keystore file.


So, my questions is, what is the Java equivalent for ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path)?


Any comments/input would be much appreciated.