Hi OpenLDAP team,


I have a question, simple I hope, for you: I need to send a client certificate to the OpenLDAP server (using the OpenLDAP API and OpenSSL).

To do this, I first initialized LDAP with a URL using the ldaps scheme (ldaps://fqdn_of_ldap_server:636).

I have set the following options:

LDAP_OPT_PROTOCOL_VERSION      -> LDAP_VERSION3
LDAP_OPT_X_TLS_PROTOCOL_MIN    -> LDAP_OPT_X_TLS_PROTOCOL_TLS1_2
LDAP_OPT_X_TLS_REQUIRE_CERT    -> LDAP_OPT_X_TLS_DEMAND
LDAP_OPT_X_TLS_CONNECT_ARG     -> fqdn_of_ldap_server
LDAP_OPT_X_TLS_CONNECT_CB      -> my_tsl_verify_callback


and then I called ldap_sasl_bind:

ldap_sasl_bind(mLdapObj, NULL, "EXTERNAL", NULL, NULL, NULL, &msgid);


What I saw is that the certificate from the server was received, but how do I send the client certificate? I played around with LDAP_OPT_X_TLS_CERTFILE (passing the absolute path to the .pem file), but nothing. Also, I saw that this parameter was not taken into account; it looks like the ssl_ctx object used for ssl_connect does not include the path to the file (as if the two global structures used for setting up the ctx know nothing about each other).

Can you help me with this?


Regards,

Aleksandar