Jeff,

I can only speak for the Sun version of the LDAP C SDK here, which is
the same codebase as the Mozilla version, but they have not been in sync
for quite some time now :( so keep that in mind when reading
my comments below.

> For instance, you'll need nssckbi.dll (for the root certs), which comes from NSS, not the C-SDK. So you have to find the same version of NSS that the C-SDK was linked against (3.2.2).

we ship all required libs as part of our SDKs.

> You need to call NSS_Init(), then set your crypto policies and enable the set of ciphers of your choosing.

you don't have to do that. the SDK will take care of that for you. again, read the docs I mentioned, it's all there.

> For NSS_Init to work, you need the cert and key databases...the docs say to use keyutil,
> but after a week of fruitless
> searching, you'll find out that it's been superseded by certutil.

I don't recall seeing anything like that in our docs. please
point to the exact location in the docs if something is outdated
and I will file a bug to get it fixed.

> you have that done, you'll get a crash in NSS_Init with a bad ptr passed to PR_Free (at least I did - n.b. on Win2k).

well, as I said, you don't have to go there, and if you do you need to make sure you know what you're doing :)

> Pardon me if I sound cranky, it's Monday and I've been at this for a week and a half now :)

I understand that. download 5.08 or 5.11 [extract it from DSRK] from http://www.sun.com/download/index.jsp?cat=Application%20Development&tab=3#sdk in the "SDKs (Software Development Kits)" section. they are quite old but we are working on pushing newer versions there as well, stay tuned.

> Does anyone know if I can drop in NSS3.9 in place of the ancient 3.2.2 the C-SDK uses with no ill effect?

yes you can. have a look at the NSS release notes. db format changes are probably the major issue you're gonna hit, apart from that it works.



ta,
anton.

[EMAIL PROTECTED] wrote: -----

    To: "Sridhar Bandi" <[EMAIL PROTECTED]>
    From: "Anton Bobrov" <[EMAIL PROTECTED]>
    Sent by: [EMAIL PROTECTED]
    Date: 01/31/2005 06:13AM
    cc: mozilla-directory@mozilla.org
    Subject: Re: using ldap_simple_bind_s() over ssl connection.

    yes, see http://docs.sun.com/source/817-6707/ssl.html for details.

    Sridhar Bandi wrote:
     > Greetings to everyone,
     >
     >   we want an authenticated secure channel b/w the client and the LDAP server,
     >   however we don't have the certificate setup for the
     >   client(no client side authentication) but just a DN and password for the
     >   client to authenticate itself to the server. The LDAP server is setup
     >   for the SSL connection.
     >
     >  So is it allowed/safe to initialize an SSL connection using:
     >     ldapssl_client_init()
     >     ldapssl_init()
     >
     >  and then use the simple authentication using:
     >    ldap_simple_bind_s(DN/Password)
     >
     >  If this is allowed, does the DN/password of the client go over the
     >  encrypted channel b/w the client and the server? And does all the
     >  communication happen in encrypted form when this LDAP handle is used?
     >
     >
     > thanks for all your support.
     >
     > Best Regards,
     > Bandi
     > _______________________________________________
     > mozilla-directory mailing list
     > mozilla-directory@mozilla.org
     > http://mail.mozilla.org/listinfo/mozilla-directory