Hi everyone. I am trying to develop an ldap client that uses SSL.
I read in the documentation on the openldap website this...
You must also install a copy of the CA certificate on all of your client machines. Configuration is done in /usr/local/etc/openldap/ldap.conf:
TLS_CACERT /usr/local/etc/openldap/cacert.pem
Does this mean that the function ldap_start_tls_s() performs mutual SSL authentication???
If I want to achieve server side authentication, does that mean I will have to use the openSSL libraries to get the server cert prior to using the ldap_start_tls_s() function???
On 26/07/10 15:20 -0700, Bryan Boone wrote:
> Hi everyone. I am trying to develop an ldap client that uses SSL.
> I read in the documentation on the openldap website this...
> You must also install a copy of the CA certificate on all of your client machines. Configuration is done in /usr/local/etc/openldap/ldap.conf:
> TLS_CACERT /usr/local/etc/openldap/cacert.pem
> Does this mean that the function ldap_start_tls_s() performs mutual SSL authentication???

See chapter 16 of the OpenLDAP Administrator's Guide, specifically TLSVerifyClient and TLS_CERT.

> If I want to achieve server side authentication, does that mean I will have to use the openSSL libraries to get the server cert prior to using the ldap_start_tls_s() function???

No. I don't believe you'll need to directly call any SSL libraries to make use of it.
openldap-technical@openldap.org
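The settings named in the reply, laid out side by side as an added configuration sketch (not part of the original thread and not taken from the OpenLDAP documentation quoted above). It shows which options give server-only authentication during ldap_start_tls_s() and which ones turn the session into mutual authentication. Every path marked as a placeholder is an assumption; only the cacert.pem path comes from the thread.

```conf
# ---- Client side: system-wide ldap.conf ----
# Server authentication: libldap validates slapd's certificate against this
# CA while ldap_start_tls_s() runs. No direct OpenSSL calls are needed.
TLS_CACERT   /usr/local/etc/openldap/cacert.pem
# "demand" is the default: the session is terminated if the server presents
# no certificate or one that does not verify. "never" or "allow" would let a
# connection to an unverified server proceed.
TLS_REQCERT  demand

# ---- Client side: per-user ~/.ldaprc (mutual authentication only) ----
# TLS_CERT and TLS_KEY are user-only options; they are ignored in the
# system-wide ldap.conf. Both paths are placeholders.
TLS_CERT     /path/to/client-cert.pem
TLS_KEY      /path/to/client-key.pem

# ---- Server side: slapd.conf ----
# All three paths are placeholders.
TLSCACertificateFile   /path/to/cacert.pem
TLSCertificateFile     /path/to/server-cert.pem
TLSCertificateKeyFile  /path/to/server-key.pem
# never  (default): slapd does not request a client certificate, so the
#                   session is server-authenticated only.
# demand          : the client must present a certificate that verifies
#                   against TLSCACertificateFile, giving mutual authentication.
TLSVerifyClient        demand
```

With TLSVerifyClient left at its default and no TLS_CERT on the client, the TLS_CACERT line alone results in server-side authentication only.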