Thanks for the quick reply and the pointer to the 5.11 csdk. I started out
with the 5.0.8 download which doesn't supply nssckbi.dll nor any of the nss
utilities. I guess that's how I ended up going down the path of building
NSS and all that other work I did.

unfortunately we cannot possibly supply everything and squeeze all the stuff one might need into ldap c sdk package. nss tools are well maintained and you can get them from mozilla.org site as well as all required libs for the tools. they [tools & libs] are also part of our Directory Server package our ldap c sdk is targeted at. perhaps it's a good idea to mention it in the docs.

BTW, how does the CSDK determine which ciphers are allowed?

nss default set. see NSS_SetDomesticPolicy() http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1228530. you can use nss api to tweak stuff like that, i.e. SSL_CipherPolicySet() http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1104647. note that we used to enable/disable certain ciphers for SSLv2 in 4.x but now SSLv2 is disabled by default from our code for security reasons.


I'm going to strip that code out and try again with the 5.11 sdk and see what happens.

Thanks again!
Jeff






[EMAIL PROTECTED] wrote: -----


   To: [EMAIL PROTECTED]
   From: "Anton Bobrov" <[EMAIL PROTECTED]>
   Sent by: [EMAIL PROTECTED]
   Date: 01/31/2005 10:27AM
   cc: "Sridhar Bandi" <[EMAIL PROTECTED]>, mozilla-directory@mozilla.org
   Subject: Re: using ldap_simple_bind_s() over ssl connection.

Jeff,

i can only speak for the Sun version of LDAP C SDK here which is
the same codebase as the Mozilla version but they have not been in sync
for quite some time now :( so keep that in mind when reading
my comments below.


For instance, you'll need nssckbi.dll (for the root certs), which comes
from NSS, not the C-SDK. So you have to find the same version of NSS
that the C-SDK was linked against (3.2.2).


we ship all required libs as part of our SDKs.


You need to call NSS_Init(),
then set your crypto policies and enable the set of ciphers of your
choosing.


you don't have to do that. SDK will take care of that for you.
again read the docs i mentioned, it's all there.


For NSS_Init to work, you need the cert and key databases... the docs
say to use keyutil, but after a week of fruitless searching, you'll
find out that it's been superseded by certutil.


i don't recall seeing anything like that in our docs. please
point to the exact location in the docs if something is outdated
and i will file a bug to get it fixed.


you have that done, you'll get a crash in NSS_Init with a bad ptr passed
to PR_Free (at least I did - n.b. on Win2k).


well as i said you don't have to go there and if you do you need
to make sure you know what you're doing :)


Pardon me if I sound cranky, it's Monday and I've been at this
for a week and a half now :)


i understand that. download 5.08 or 5.11 [extract it from DSRK] from
http://www.sun.com/download/index.jsp?cat=Application%20Development&tab=3#sdk

in the "SDKs (Software Development Kits)" section. they're quite old but we
are working on pushing newer versions there as well, stay tuned.


Does anyone know if I can drop in NSS3.9 in place of the ancient 3.2.2
the C-SDK uses with no ill effect?


yes you can. have a look at NSS release notes. db format changes are
probably the major issue you're gonna hit, apart from that it works.



ta,
anton.


[EMAIL PROTECTED] wrote: -----

   To: "Sridhar Bandi"
   From: "Anton Bobrov"
   Sent by: [EMAIL PROTECTED]
   Date: 01/31/2005 06:13AM
   cc: mozilla-directory@mozilla.org
   Subject: Re: using ldap_simple_bind_s() over ssl connection.

   yes, see http://docs.sun.com/source/817-6707/ssl.html for details.

   Sridhar Bandi wrote:
    > Greetings to everyone,
    >
    >   we want an authenticated secure channel b/w the client and the
    >   LDAP server,
    >   however we don't have the certificate setup for the
    >   client(no client side authentication) but just a DN and
    >   password for the
    >   client to authenticate itself to the server. The LDAP server is
    >   setup
    >   for the SSL connection.
    >
    >  So is it allowed/safe to initialize an SSL connection using:
    >     ldapssl_client_init()
    >     ldapssl_init()
    >
    >  and then use the simple authentication using:
    >    ldap_simple_bind_s(DN/Password)
    >
    >  If this is allowed, does the DN/password of the client go over
    >  the
    >  encrypted channel b/w the client and the server? And does all the
    >  communication happen in encrypted form when this LDAP handle is
    >  used?
    >
    >
    > thanks for all your support.
    >
    > Best Regards,
    > Bandi
    > _______________________________________________
    > mozilla-directory mailing list
    > mozilla-directory@mozilla.org
    > http://mail.mozilla.org/listinfo/mozilla-directory
