I'm wondering if it's possible to re-read certificates after I have initialized my connection and performed the sasl bind? Right now, for example, our C SDK does the following:

    void connectToServer()
    {
        if(!connected)
        {
            ldapssl_clientauth_init(...);
            ldapssl_init(...);
            ldapssl_enable_clientauth(...);
            set_option(LDAP_OPT_RECONNECT = ON);
            connected = true;
        }
        ldap_sasl_bind_s(...);
    }

We then check the return from every API call for LDAP_SERVER_DOWN and LDAP_CONNECT_ERROR to see if we need to call this connectToServer method again (and thus only redo the sasl bind).

Just as a test I moved the connected flag logic ONLY around the ldapssl_init -- so it never gets called twice -- and re-generated my certificate while the software was running. The software detected this and when it tried to call ldapssl_enable_clientauth again, it failed with error code -1.

Is what I'm trying to do possible, and do I need to take the approach of turning off the RECONNECT option and just creating a new ldap connection object each time? We tried this before but had a handful of apps coring, so if possible I'd like to stay away from this approach.

Thanks for any help,
Mike

_______________________________________________
dev-tech-ldap mailing list
dev-tech-ldap@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-ldap