apr-dev mailing list archives

From "Eric Covener" <cove...@gmail.com>
Subject [PATCH] Support for Tivoli Directory Server LDAP SDK in apr-util
Date Thu, 11 Jan 2007 16:40:10 GMT
Attached is a patch for allowing apr-util LDAP to use the Tivoli
Directory Server SDK from IBM.

Simple SSL connections work without any explicit configuration because
the SDK ships with a Key Database that contains the usual public CAs.
This Key Database, used for Certificate Authorities and private keys,
can only effectively be set during the one-time
ldap_ssl_client_init()/apr_ldap_ssl_init(), and this does work via
apr-util if the application passes in the cert_auth_file.

A private key can be selected for client authentication during the
per-connection ldap_ssl_init()/apr_ldap_init() but this doesn't mesh
very well with the current apr-util LDAP interface.  Allowing this
would only require an additional char* passed to apr_ldap_init().

Neither the keyring nor the name of the private cert is settable via
the ldap_set_option interface, which unfortunately differs from other
supported LDAP SDKs.

I was able to get a small test program to work over SSL, as well as
httpd with a tiny change to actually pass the "secure" parameter to
apr_ldap_init().

v5.2 SDK readme:
http://publib.boulder.ibm.com/tividd/td/IBMDS/IDSCreadme52/en_US/HTML/client.htm
v5.2 SDK programmers reference:
http://publib.boulder.ibm.com/tividd/td/IBMDS/IDSprogref52/en_US/HTML/progref.htm
Product Page: (appears client/SDK bundled in large ldap server package)
http://www-306.ibm.com/software/tivoli/products/directory-server/

--
Eric Covener
covener@gmail.com
