apr-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: LDAP changes in apr-util 1.0.x
Date Thu, 06 Jan 2005 19:44:41 GMT
Brad Nicholes wrote:

>>How are client certificates specified within the Novell toolkit?

> With the API's ldapssl_set_client_cert() and
> ldapssl_set_client_private_key()

Can you do this after ldap_init()?

My thinking is to teach apr_ldap_set_option(ld, APR_LDAP_OPT_TLS_*CERT*, 
cert|key) to do this:

apr_ldap_set_option(ld, option, value) {

   if (toolkit == novell) {
     if (option == set-client-cert) {
       ldapssl_set_client_cert()
       return
     }

     if (option == set-client-key) {
       ldapssl_set_client_private_key()
       return
     }

     if (option == set-tls-to-start-tls) {
       ldapssl_start_tls()
       return
     }
   }

   if (toolkit == microsoft) {
     do microsoft flavoured stuff
     return
   }

   // else default to simple setting of options
   ldap_set_option(option, value)

}

This causes the Novell toolkit and Microsoft toolkit to behave like the 
OpenLDAP toolkit, which has the cleanest interface out of all of them.

First you do apr_ldap_init(...secure = 0...), then you do 
apr_set_option() for client certs and starttls/ssl, then you do 
ldap_bind().

The secure flag in apr_ldap_init() can be for legacy toolkits that 
cannot support upgrading the connection after the fact, but my research 
so far hasn't uncovered any toolkit where this is a problem.

Regards,
Graham
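The per-toolkit dispatch and the init / set_option / bind ordering sketched in the mail, as an added example that is not APR's code nor anything posted in this thread. The toolkit entry points (ldapssl_set_client_cert and friends) are simulated stand-ins that only record the call; the *_model function names, the option and error enums, and the tls_works switch are all constructed for the example. Beyond the mail's sketch it adds two checks a defender would want on top of the dispatch: a bind is refused when STARTTLS was requested but never came up, so a failed upgrade cannot quietly become a cleartext bind, and options cannot be changed once the connection is bound.

```c
#include <stdio.h>
#include <string.h>

/* Toolkits the dispatch tells apart, as in the mail's pseudocode. */
enum apr_ldap_toolkit { TK_OPENLDAP, TK_NOVELL, TK_MICROSOFT };
/* Option identifiers; stand-ins for the APR_LDAP_OPT_TLS_* names (assumed). */
enum apr_ldap_opt { OPT_TLS_CERT, OPT_TLS_KEY, OPT_TLS_STARTTLS };
/* Lifecycle; ST_TLS_REQUESTED means STARTTLS was asked for but never confirmed. */
enum conn_state { ST_INIT, ST_TLS_REQUESTED, ST_TLS_UP, ST_BOUND };
/* Error codes of this model (constructed, not APR's). */
enum { ERR_TOOLKIT = -1, ERR_AFTER_BIND = -2, ERR_TLS_NOT_UP = -3, ERR_CERT_NO_KEY = -4 };

struct apr_ldap_conn {
    enum apr_ldap_toolkit toolkit;
    enum conn_state state;
    const char *cert;   /* client certificate path, or NULL */
    const char *key;    /* client private key path, or NULL */
    int tls_works;      /* constructed switch: can the simulated toolkit bring TLS up? */
    char trace[256];    /* backend entry points called, in order */
};

static void note_call(struct apr_ldap_conn *ld, const char *call)
{
    size_t used = strlen(ld->trace);
    snprintf(ld->trace + used, sizeof ld->trace - used, "%s;", call);
}

/* Simulated Novell entry points: record the call and store the value.
   The real ldapssl_* functions are not linked here. */
static int novell_set_client_cert(struct apr_ldap_conn *ld, const char *path)
{
    note_call(ld, "ldapssl_set_client_cert");
    if (!path) return ERR_TOOLKIT;
    ld->cert = path;
    return 0;
}
static int novell_set_client_private_key(struct apr_ldap_conn *ld, const char *path)
{
    note_call(ld, "ldapssl_set_client_private_key");
    if (!path) return ERR_TOOLKIT;
    ld->key = path;
    return 0;
}
static int novell_start_tls(struct apr_ldap_conn *ld)
{
    note_call(ld, "ldapssl_start_tls");
    ld->state = ST_TLS_REQUESTED;
    if (!ld->tls_works) return ERR_TOOLKIT;   /* handshake failed: stays REQUESTED */
    ld->state = ST_TLS_UP;
    return 0;
}

/* Simulated plain ldap_set_option(), the default path the mail falls back to. */
static int generic_set_option(struct apr_ldap_conn *ld, enum apr_ldap_opt opt, const char *value)
{
    note_call(ld, "ldap_set_option");
    switch (opt) {
    case OPT_TLS_CERT: ld->cert = value; return 0;
    case OPT_TLS_KEY:  ld->key = value;  return 0;
    case OPT_TLS_STARTTLS:
        ld->state = ST_TLS_REQUESTED;
        if (!ld->tls_works) return ERR_TOOLKIT;
        ld->state = ST_TLS_UP;
        return 0;
    }
    return ERR_TOOLKIT;
}

/* apr_ldap_init(... secure = 0 ...): open plain, apply options afterwards. */
void apr_ldap_init_model(struct apr_ldap_conn *ld, enum apr_ldap_toolkit tk, int tls_works)
{
    memset(ld, 0, sizeof *ld);
    ld->toolkit = tk;
    ld->tls_works = tls_works;
}

/* The dispatch from the mail, plus one rule: no option changes once bound. */
int apr_ldap_set_option_model(struct apr_ldap_conn *ld, enum apr_ldap_opt opt, const char *value)
{
    if (ld->state == ST_BOUND) return ERR_AFTER_BIND;
    if (ld->toolkit == TK_NOVELL) {
        switch (opt) {
        case OPT_TLS_CERT:     return novell_set_client_cert(ld, value);
        case OPT_TLS_KEY:      return novell_set_client_private_key(ld, value);
        case OPT_TLS_STARTTLS: return novell_start_tls(ld);
        }
    }
    /* The mail leaves the Microsoft branch open; the model routes it, like
       OpenLDAP, through the plain option call. */
    return generic_set_option(ld, opt, value);
}

/* Bind refuses if STARTTLS was requested but never came up, and if a client
   cert was given without its key (client auth could not complete). */
int apr_ldap_bind_model(struct apr_ldap_conn *ld)
{
    if (ld->state == ST_TLS_REQUESTED) return ERR_TLS_NOT_UP;
    if (ld->cert && !ld->key) return ERR_CERT_NO_KEY;
    ld->state = ST_BOUND;
    note_call(ld, "ldap_bind");
    return 0;
}

/* Runs init / set_option / bind once; the connection is kept for inspection. */
static struct apr_ldap_conn last;
int run_sequence(enum apr_ldap_toolkit tk, int tls_works, const char *cert, const char *key, int want_tls)
{
    int rc;
    apr_ldap_init_model(&last, tk, tls_works);
    if (cert && (rc = apr_ldap_set_option_model(&last, OPT_TLS_CERT, cert)) != 0) return rc;
    if (key && (rc = apr_ldap_set_option_model(&last, OPT_TLS_KEY, key)) != 0) return rc;
    if (want_tls) apr_ldap_set_option_model(&last, OPT_TLS_STARTTLS, NULL); /* failure surfaces at bind */
    return apr_ldap_bind_model(&last);
}
const char *last_trace(void) { return last.trace; }

int main(void)
{
    printf("novell, tls ok:   %d  trace=%s\n", run_sequence(TK_NOVELL, 1, "client.pem", "client.key", 1), last_trace());
    printf("option after bind: %d\n", apr_ldap_set_option_model(&last, OPT_TLS_CERT, "other.pem"));
    printf("novell, tls fail: %d\n", run_sequence(TK_NOVELL, 0, "client.pem", "client.key", 1));
    printf("cert without key: %d\n", run_sequence(TK_OPENLDAP, 1, "client.pem", NULL, 1));
    return 0;
}
```

The trace string makes the dispatch visible: on the Novell path the three ldapssl_* calls appear in the order the caller issued them, while the OpenLDAP path shows only ldap_set_option, which is the uniform behaviour the mail is after.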