Aaron Richton wrote:
On Fri, 2 Aug 2013, pramod kulkarni wrote:
Hi, I need information on how to configure the OpenLDAP server in slapd.conf to look for certificates from the Windows certificate store. Currently I am using certificates from a file in a path.
Waiting for your inputs.
In libraries/libldap you'll find
tls_g.c tls_m.c tls_o.c
which are for GnuTLS, MozNSS, and OpenSSL respectively. I'd imagine that the Right Thing would be to make a new file here, that utilizes the Windows crypto APIs (therefore accessing the Windows certificate stores).
You're talking about implementing a wrapper around Windows' schannel DLL which in turn uses CAPI key stores.
Another also rather hypothetical approach: I vaguely remember that someone wrote a PKCS#11 provider for accessing CAPI keystore which could be used in libnss and therefore in OpenLDAP (tls_m.c). It would be a lot of work to get that going - something for adventurers with lots of spare time. ;-}
Ciao, Michael.