Hello,
I'm using the openldap c client library (2.4.45).
I would like to somehow have two client instances (not necessarily simultaneously) within the same application, but I'm having issues with the second instance I create.
I have not found a way to clear the global options so the new ones (different CA certificate, different client certificate) can be used with the second instance. With the second ldap_initialize, global options are already initialized. Same with the TLS context, it's initialized too.
I have seen that the function that destroys the global options is called only when the program exits, or the dyn library is unloaded. Is this correct? Is this somehow a limitation of the library?
Thank you,
Martxel
Lasa Martxel wrote:
Hello,
I'm using the openldap c client library (2.4.45).
I would like to somehow have two client instances (not necessarily simultaneously) within the same application, but I'm having issues with the second instance I create.
I have not found a way to clear the global options so the new ones (different CA certificate, different client certificate) can be used with the second instance. With the second ldap_initialize, global options are already initialized. Same with the TLS context, it's initialized too.
So just use ldap_set_option on the second LDAP* handle and change the options.
Hello Howard,
I have tried that, but without success.
I have had a look at the tls implementation, and once the tls context is created and initialized, it is only destroyed when the reference count to the context is 0, which happens when the context is destroyed.
From what I've seen, the context is destroyed when the program exits (atexit callback).
The tls context contains the client certificates among other things, so I can't reinitialize it with the new ones for the second instance.
I may be missing something.
Thanks!
________________________________
From: Howard Chu hyc@symas.com
Sent: Thursday, 2 April 2020 12:31
To: Lasa Martxel mlasa@ikerlan.es; openldap-technical@openldap.org openldap-technical@openldap.org
Subject: Re: Multiple OpenLDAP client instances with the c library
Lasa Martxel wrote:
Hello,
I'm using the openldap c client library (2.4.45).
I would like to somehow have two client instances (not necessarily simultaneously) within the same application, but I'm having issues with the second instance I create.
I have not found a way to clear the global options so the new ones (different CA certificate, different client certificate) can be used with the second instance. With the second ldap_initialize, global options are already initialized. Same with the TLS context, it's initialized too.
So just use ldap_set_option on the second LDAP* handle and change the options.
-- -- Howard Chu CTO, Symas Corp. https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.symas.c... Director, Highland Sun https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhighlandsun... Chief Architect, OpenLDAP https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.openlda...
Lasa Martxel wrote:
Hello Howard,
I have tried that, but without success.
I have had a look at the tls implementation, and once the tls context is created and initialized, it is only destroyed when the reference count to the context is 0, which happens when the context is destroyed.
From what I've seen, the context is destroyed when the program exits (atexit callback).
The tls context contains the client certificates among other things, so I can't reinitialize it with the new ones for the second instance.
I may be missing something.
Yes. Read the ldap_set_option(3) manpage more carefully. Use LDAP_OPT_X_TLS_NEWCTX.
Thank you Howard, I missed that option.
________________________________
From: Howard Chu hyc@symas.com
Sent: Thursday, 2 April 2020 13:06
To: Lasa Martxel mlasa@ikerlan.es; openldap-technical@openldap.org openldap-technical@openldap.org
Subject: Re: Multiple OpenLDAP client instances with the c library
Lasa Martxel wrote:
Hello Howard,
I have tried that, but without success.
I have had a look at the tls implementation, and once the tls context is created and initialized, it is only destroyed when the reference count to the context is 0, which happens when the context is destroyed.
From what I've seen, the context is destroyed when the program exits (atexit callback).
The tls context contains the client certificates among other things, so I can't reinitialize it with the new ones for the second instance.
I may be missing something.
Yes. Read the ldap_set_option(3) manpage more carefully. Use LDAP_OPT_X_TLS_NEWCTX.
openldap-technical@openldap.org