Hi, OpenLDAP developers,
I have been able to successfully write a simple C program using the OpenLDAP C-SDK to establish a connection to a Microsoft Active Directory server over SSL.
In my test program, I call ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path) to set the path to a directory where all my CA Root certificates are.
OpenLDAP uses the OpenSSL format of certificate management: the trusted CA root certificates are no longer imported into a single file (aka the certificate store). OpenSSL hashes the certificate file (.pem format) and uses a symbolic link to point to the actual certificate .pem file.
Here's content of my cert_path dir:
wud2@pleoski:[/emc/wud2/ldap_certdb]> ls -altr
total 80
-rw-r--r--  1 wud2 dctmuser 1688 Sep 16 09:36 ldap112_rootca.pem
drwxr-xr-x  2 wud2 dctmuser 1024 Sep 16 09:37 ./
lrwxrwxrwx  1 wud2 dctmuser   18 Sep 16 10:11 e8332e5a.0 -> ldap112_rootca.pem
drwxr-xr-x 67 wud2 dctmuser 9216 Oct 14 14:04 ../
I am trying to write a Java LDAP client program using Novell's JLDAP to connect to Microsoft Active Directory server, over SSL. I would like to use my current cert_path (listed above) to establish LDAP SSL connection, in Java.
I found an example listed on the Novell site: http://developer.novell.com/documentation/samplecode/jldap_sample/security/S...
// Dynamically set JSSE as a security provider
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
// Dynamically set the property that JSSE uses to identify
// the keystore that holds trusted root certificates
System.setProperty("javax.net.ssl.trustStore", path);
As you can see, in this Java example, the "path" value is expected to be "keystore file that holds trusted root certificates".
But in my case, I only have a directory where trusted root certificates are present. I don't exactly have a single keystore file.
So, my question is: what is the Java equivalent of ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path)?
Any comments/input would be much appreciated.
Thanks.
Daisy
On Tue, Oct 18, 2011 at 07:28:17PM -0400, daisy.wu@emc.com wrote:
I am trying to write a Java LDAP client program using Novell's JLDAP to connect to Microsoft Active Directory server, over SSL. I would like to use my current cert_path (listed above) to establish LDAP SSL connection, in Java.
You'll need to learn about Java keystores and the 'keytool' utility:
http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.htm...
And there are a bunch of write-ups about how to use the OpenSSL tools to convert to/from the two key storage technologies.
Not pretty; good luck...
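The reply above points at keytool and a keystore file. What follows is an added example, written for this page and not code from any poster in the thread, from JLDAP or from OpenLDAP, showing the closer Java equivalent of LDAP_OPT_X_TLS_CACERTDIR: at start-up it reads every PEM certificate in the directory with java.security.cert.CertificateFactory, puts them into an in-memory KeyStore, and hands the resulting SSLSocketFactory to JLDAP, so no keystore file ever has to be written. It assumes Java 7 or later (java.nio.file, try-with-resources), JLDAP's LDAPJSSESecureSocketFactory constructor that accepts a javax.net.ssl.SSLSocketFactory, and that the AD host, bind DN and password are supplied on the command line (all placeholders here; only the directory path comes from the post).

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPJSSESecureSocketFactory;

/**
 * Java counterpart of ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, dir):
 * trust exactly the CA certificates found as PEM files in one directory,
 * without writing a keystore file to disk. (Added example, not JLDAP code.)
 */
public class PemDirTrust {

    /** Parse every readable file in dir as X.509 certificates; files that are not certificates are skipped. */
    static List<X509Certificate> readCaCerts(Path dir) throws IOException, CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        try (DirectoryStream<Path> entries = Files.newDirectoryStream(dir)) {
            for (Path p : entries) {
                if (!Files.isRegularFile(p)) {   // follows symlinks, so e8332e5a.0 -> ldap112_rootca.pem is read too
                    continue;
                }
                try (InputStream in = Files.newInputStream(p)) {
                    for (Certificate c : cf.generateCertificates(in)) {
                        certs.add((X509Certificate) c);
                    }
                } catch (CertificateException notACert) {
                    // OpenSSL's CAcertdir lookup ignores files that are not certificates; do the same
                }
            }
        }
        return certs;
    }

    /** Build an in-memory trust store. Alias = subject + serial, so a hash symlink and its target collapse to one entry. */
    static KeyStore trustStoreFrom(List<X509Certificate> certs) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                       // empty store, not backed by any file
        for (X509Certificate x : certs) {
            x.checkValidity();                     // fail loudly on an expired or not-yet-valid root
            String alias = x.getSubjectX500Principal().getName() + "/" + x.getSerialNumber();
            ks.setCertificateEntry(alias, x);
        }
        if (ks.size() == 0) {
            throw new IllegalStateException("no CA certificates loaded; refusing to build a trust-nothing context");
        }
        return ks;
    }

    /** SSLSocketFactory that trusts only the CAs in caDir: no client certificate, no JDK cacerts. */
    static SSLSocketFactory socketFactoryFor(Path caDir) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStoreFrom(readCaCerts(caDir)));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: PemDirTrust <ca-dir> <ad-host> <bind-dn> <password>");
            System.exit(2);
        }
        Path caDir = Paths.get(args[0]);           // e.g. /emc/wud2/ldap_certdb from the post
        LDAPConnection conn = new LDAPConnection(
                new LDAPJSSESecureSocketFactory(socketFactoryFor(caDir)));
        conn.connect(args[1], 636);                // LDAPS port
        conn.bind(LDAPConnection.LDAP_V3, args[2], args[3].getBytes("UTF-8"));
        System.out.println("bound as " + conn.getAuthenticationDN());
        conn.disconnect();
    }
}
```

Two caveats a practitioner would want. First, the trust manager validates the chain up to one of the loaded roots, but a JSSE socket of this vintage does not by itself check that the server certificate's name matches the host you connected to; on Java 7 and later you can enable that with SSLParameters.setEndpointIdentificationAlgorithm on the socket, otherwise compare the peer certificate's subject/SAN against the AD host name yourself before binding. Second, if you prefer the keystore-file route the reply describes, the equivalent is keytool -importcert -trustcacerts -alias ldap112 -file ldap112_rootca.pem -keystore truststore.jks (repeat per CA file, the hash symlinks need not be imported), after which javax.net.ssl.trustStore can point at truststore.jks exactly as in the Novell sample.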
Probably not much to the point, but I thought I should send this info (derived from earlier posts in this list).
For Java apps one could also use: http://www.unboundid.com/products/ldapsdk/ for Java or (now Oracle's) JNDI.
Nick
On 19/10/2011 2:28 AM, daisy.wu@emc.com wrote:
I am trying to write a Java LDAP client program using Novell’s JLDAP
Nick Milas wrote:
Probably not much to the point, but I thought I should send this info (derived from earlier posts in this list).
Which Java LDAP SDK you use is irrelevant. The point is that Java has its own TLS certificate/key management system and it doesn't use PEM files.
Hi,
For Java apps, one might also want to consider Apache Directory API http://directory.apache.org/api/ or OpenDJ LDAP API and Toolkit http://opendj.forgerock.org/opendj-ldap-sdk/.
Kind regards,
Ludovic.

Ludovic Poitou
ForgeRock - Product Manager for OpenDJ, open source LDAP directory services in Java.
http://www.forgerock.com/
http://ludopoitou.wordpress.com/