Saurabh Chopra wrote:
> Hi
>
> I arrived at the conclusion that the function "ldapssl_client_init"
> isn't working for my code, if I use LDAP SDK 6.0 binaries. But if I use
> the old LDAP 5.2 binaries, it works fine.
> Here is a sample code that I used to compile it on RHAS 3.0 (also
> attached with mail):
>
> #include <ldap.h>
> #include <ldap_ssl.h>
> #include <stdio.h>
> /* Initialize client, using mozilla's certificate database */
>
> int main(void) {
> /* "/home/infwaer/test/" is the folder that contains cert7.db and
> key3.db*/
>
> if(ldapssl_client_init( "/home/infwaer/test/", NULL ) < 0) {
> printf( "Failed to initialize SSL client...\n" );
> return( 1 );
> }
> else
> printf( "Initialized SSL client...\n" );
>
> }
>
> I used the following command to compile it with 5.2 binaries, and was
> able to successfully call the function ldapssl_client_init:
>
> gcc ldapclient.c -I/home/infwaer/nsldap/5.2/RHAS3.0/include
> -L/home/infwaer/saurabh_review/lib -lldap50 -lnspr4 -lplds4 -lplc4
> -lsoftokn3 -lnss3 -lssl3 -lprldap50 -lssldap50 -ldigestmd5 -lsasl
>
> But when I compiled it using 6.0 binaries using the same command:
> gcc ldapclient.c -I/home/infwaer/nsldap/6.0/RHAS3.0/include
> -L/home/infwaer/saurabh_review/lib -lldap60 -lnspr4 -lplds4 -lplc4
> -lsoftokn3 -lnss3 -lssl3 -lprldap60 -lssldap60 -ldigestmd5 -lsasl
>
> It gave the error "failed to initialize" (as written in the code !)
>
> Please help me out; n let me know if it is a known issue with LDAP SDK
> 6.0
It is not a known issue - SSL/TLS works fine with the 6.0 code. I
suggest starting with the source code for the command line programs,
especially common.c which contains the SSL/TLS connection code common to
all of the clients -
http://lxr.mozilla.org/mozilla/source/directory/c-sdk/ldap/clients/tools/common.c#962
>
> Thanks
> Saurabh
>
>
> -----Original Message-----
> From: Rich Megginson [mailto:[EMAIL PROTECTED] On Behalf Of Rich
> Megginson
> Sent: Friday, March 23, 2007 7:49 PM
> To: Saurabh Chopra
> Cc: [EMAIL PROTECTED]; [email protected]
> Subject: Re: Help needed on LDAP 6.0 SDK
>
> Saurabh Chopra wrote:
>> Hi
>>
>> I just get the error that the User Directory could not be contacted.
>
> Can you post the exact error message or error codes? What is the
> application? Have you tried to use the ldapsearch command line tool?
>
>> When I earlier used LDAP 5.2 binaries, it worked absolutely fine. But
>> after having upgraded to LDAP SDK 6.0.2, I have not been able to use
> SSL
>> over LDAP Directory Server. The nss version I used is 3.11.4 and nspr
>> version is 4.6.
>> I tried generating cert8.db using Mozilla Firefox 2.0, but the problem
>> persists. Please help.
>>
>> Thanks
>> Saurabh
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, March 22, 2007 9:36 PM
>> To: Saurabh Chopra
>> Cc: [email protected]
>> Subject: Re: Help needed on LDAP 6.0 SDK
>>
>>
>> Saurabh Chopra wrote:
>>
>>> I used pre-built LDAP SDK 6.0 binaries and have been able to connect
>> to
>>> LDAP interface. But I am facing problems with connectivity over SSL.
>> what problems exactly ? any error messages / return codes etc you can
>> provide here ?
>>
>>> Has it got something to do with cert7.db and key3.db? I dragged and
>>> dropped my Certifying Authority's root certificate into Netscape
>> Browser
>>> 476, and generated the cert7.db. Do I need to use a newer version of
>>> Netscape for the same?
>> as Rich already mentioned NSS moved to new secdb format and now it is
>> cert8 which is incompatible with cert7 but NSS should create cert8 by
>> default automatically and use new db instead. to manage secdb you need
>> NSS sectools you can get from location Rich has mentioned, for usage &
>> help on them see
> http://www.mozilla.org/projects/security/pki/nss/tools/
>> **************** CAUTION - Disclaimer *****************
>> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended
> solely for the use of the addressee(s). If you are not the intended
> recipient, please notify the sender by e-mail and delete the original
> message. Further, you are not to copy, disclose, or distribute this
> e-mail or its contents to any other person and any such actions are
> unlawful. This e-mail may contain viruses. Infosys has taken every
> reasonable precaution to minimize this risk, but is not liable for any
> damage you may sustain as a result of any virus in this e-mail. You
> should carry out your own virus checks before opening the e-mail or
> attachment. Infosys reserves the right to monitor and review the content
> of all messages sent to or from this e-mail address. Messages sent to or
> from this e-mail address may be stored on the Infosys e-mail system.
>> ***INFOSYS******** End of Disclaimer ********INFOSYS***
>
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
