Return-Path: Delivered-To: apmail-apr-bugs-archive@www.apache.org Received: (qmail 53906 invoked from network); 11 Jan 2007 17:25:33 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 11 Jan 2007 17:25:33 -0000 Received: (qmail 24002 invoked by uid 500); 11 Jan 2007 17:25:39 -0000 Delivered-To: apmail-apr-bugs-archive@apr.apache.org Received: (qmail 23974 invoked by uid 500); 11 Jan 2007 17:25:39 -0000 Mailing-List: contact bugs-help@apr.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: bugs@apr.apache.org Delivered-To: mailing list bugs@apr.apache.org Received: (qmail 23963 invoked by uid 99); 11 Jan 2007 17:25:39 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Jan 2007 09:25:39 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Jan 2007 09:25:32 -0800 Received: by brutus.apache.org (Postfix, from userid 33) id CE5F67142F4; Thu, 11 Jan 2007 09:25:11 -0800 (PST) From: bugzilla@apache.org To: bugs@apr.apache.org Subject: DO NOT REPLY [Bug 41351] New: - Tivoli LDAP SDK support in aprutil Message-ID: X-Bugzilla-Reason: AssignedTo Date: Thu, 11 Jan 2007 09:25:11 -0800 (PST) X-Virus-Checked: Checked by ClamAV on apache.org DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=41351 Summary: Tivoli LDAP SDK support in aprutil Product: APR Version: HEAD Platform: All OS/Version: other Status: NEW Severity: enhancement Priority: P2 Component: APR-util AssignedTo: bugs@apr.apache.org ReportedBy: covener@gmail.com Attached is a patch for allowing aprutil LDAP to use the Tivoli Directory Server SDK from IBM. Simple SSL connections work without any explicit configuration because the SDK ships with a Key Database that contains the usual public CAs This Key Database used for Certificate Authorities and private keys can only effectively be set during the one-time ldap_ssl_client_init()/apr_ldap_ssl_init() and this does work via apr-util if the application passes in the cert_auth_file A private key can be selected for client authentication during the per-connection ldap_ssl_init()/apr_ldap_init() but this doesn't mesh very well with the current apr-util LDAP interface. Allowing this would only require a addl char* passed to apr_ldap_init() Neither the keyring or the name of the private cert are settable via the ldap_set_option interface which unfortunately differs from other supported LDAP SDKs. I was able to get a small test program to work over ssl, as well as httpd with a tiny change to actually pass the "secure" parameter to apr_ldap_init() v5.2 SDK readme: http://publib.boulder.ibm.com/tividd/td/IBMDS/IDSCreadme52/en_US/HTML/client.htm v5.2 SDK programmers reference: http://publib.boulder.ibm.com/tividd/td/IBMDS/IDSprogref52/en_US/HTML/progref.htm Product Page: (appears client/SDK bundled in large ldap server package) http://www-306.ibm.com/software/tivoli/products/directory-server/ -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org For additional commands, e-mail: bugs-help@apr.apache.org