Hi, I tried compiling the source code but the problem persists. My application works fine with LDAP 5.2, but not with LDAP SDK 6.0 (neither by compiling from source code, nor by using the pre-built binaries). But I need to upgrade to LDAP SDK 6.0 !!
Any further pointers shall be highly appreciated. Thanks Saurabh -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Megginson Sent: Tuesday, March 27, 2007 8:06 PM To: Saurabh Chopra Cc: [email protected]; [EMAIL PROTECTED] Subject: Re: Help needed on LDAP 6.0 SDK Saurabh Chopra wrote: > Hi > > I arrived at the conclusion that the function "ldapssl_client_init" > isn't working for my code, if I use LDAP SDK 6.0 binaries. But if I use > the old LDAP 5.2 binaries, it works fine. > Here is a sample code that I used to compile it on RHAS 3.0 (also > attached with mail): > > #include <ldap.h> > #include <ldap_ssl.h> > #include <stdio.h> > /* Initialize client, using mozilla's certificate database */ > > int main(void) { > /* "/home/infwaer/test/" is the folder that contains cert7.db and > key3.db*/ > > if(ldapssl_client_init( "/home/infwaer/test/", NULL ) < 0) { > printf( "Failed to initialize SSL client...\n" ); > return( 1 ); > } > else > printf( "Initialized SSL client...\n" ); > > } > > I used the following command to compile it with 5.2 binaries, and was > able to successfully call the function ldapssl_client_init: > > gcc ldapclient.c -I/home/infwaer/nsldap/5.2/RHAS3.0/include > -L/home/infwaer/saurabh_review/lib -lldap50 -lnspr4 -lplds4 -lplc4 > -lsoftokn3 -lnss3 -lssl3 -lprldap50 -lssldap50 -ldigestmd5 -lsasl > > But when I compiled it using 6.0 binaries using the same command: > gcc ldapclient.c -I/home/infwaer/nsldap/6.0/RHAS3.0/include > -L/home/infwaer/saurabh_review/lib -lldap60 -lnspr4 -lplds4 -lplc4 > -lsoftokn3 -lnss3 -lssl3 -lprldap60 -lssldap60 -ldigestmd5 -lsasl > > It gave the error "failed to initialize" (as written in the code !) > > Please help me out; n let me know if it is a known issue with LDAP SDK > 6.0 It is not a known issue - SSL/TLS works fine with the 6.0 code. I suggest starting with the source code for the command line programs, especially common.c which contains the SSL/TLS connection code common to all of the clients - http://lxr.mozilla.org/mozilla/source/directory/c-sdk/ldap/clients/tools /common.c#962 > > Thanks > Saurabh > > > -----Original Message----- > From: Rich Megginson [mailto:[EMAIL PROTECTED] On Behalf Of Rich > Megginson > Sent: Friday, March 23, 2007 7:49 PM > To: Saurabh Chopra > Cc: [EMAIL PROTECTED]; [email protected] > Subject: Re: Help needed on LDAP 6.0 SDK > > Saurabh Chopra wrote: >> Hi >> >> I just get the error that the User Directory could not be contacted. > > Can you post the exact error message or error codes? What is the > application? Have you tried to use the ldapsearch command line tool? > >> When I earlier used LDAP 5.2 binaries, it worked absolutely fine. But >> after having upgraded to LDAP SDK 6.0.2, I have not been able to use > SSL >> over LDAP Directory Server. The nss version I used is 3.11.4 and nspr >> version is 4.6. >> I tried generating cert8.db using Mozilla Firefox 2.0, but the problem >> persists. Please help. >> >> Thanks >> Saurabh >> >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> Sent: Thursday, March 22, 2007 9:36 PM >> To: Saurabh Chopra >> Cc: [email protected] >> Subject: Re: Help needed on LDAP 6.0 SDK >> >> >> Saurabh Chopra wrote: >> >>> I used pre-built LDAP SDK 6.0 binaries and have been able to connect >> to >>> LDAP interface. But I am facing problems with connectivity over SSL. >> what problems exactly ? any error messages / return codes etc you can >> provide here ? >> >>> Has it got something to do with cert7.db and key3.db? I dragged and >>> dropped my Certifying Authority's root certificate into Netscape >> Browser >>> 476, and generated the cert7.db. Do I need to use a newer version of >>> Netscape for the same? >> as Rich already mentioned NSS moved to new secdb format and now it is >> cert8 which is incompatible with cert7 but NSS should create cert8 by >> default automatically and use new db instead. to manage secdb you need >> NSS sectools you can get from location Rich has mentioned, for usage & >> help on them see > http://www.mozilla.org/projects/security/pki/nss/tools/ >> **************** CAUTION - Disclaimer ***************** >> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended > solely for the use of the addressee(s). If you are not the intended > recipient, please notify the sender by e-mail and delete the original > message. Further, you are not to copy, disclose, or distribute this > e-mail or its contents to any other person and any such actions are > unlawful. This e-mail may contain viruses. Infosys has taken every > reasonable precaution to minimize this risk, but is not liable for any > damage you may sustain as a result of any virus in this e-mail. You > should carry out your own virus checks before opening the e-mail or > attachment. Infosys reserves the right to monitor and review the content > of all messages sent to or from this e-mail address. Messages sent to or > from this e-mail address may be stored on the Infosys e-mail system. >> ***INFOSYS******** End of Disclaimer ********INFOSYS*** > _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
