Brad Nicholes wrote:
How are client certificates specified within the Novell toolkit?
With the APIs ldapssl_set_client_cert() and ldapssl_set_client_private_key()
Can you do this after ldap_init()?
My thinking is to teach apr_ldap_set_option(ld, APR_LDAP_OPT_TLS_*CERT*, cert|key) to do this:
apr_ldap_set_option(ld, option, value) {
    if (toolkit == novell) {
        if (option == set-client-cert) {
            ldapssl_set_client_cert(value);
            return;
        }
        if (option == set-client-key) {
            ldapssl_set_client_private_key(value);
            return;
        }
        if (option == set-tls-to-start-tls) {
            ldapssl_start_tls(ld);
            return;
        }
    }
    if (toolkit == microsoft) {
        /* do microsoft flavoured stuff */
        return;
    }
    /* else default to simple setting of options */
    ldap_set_option(ld, option, value);
}
This causes the Novell toolkit and Microsoft toolkit to behave like the OpenLDAP toolkit, which has the cleanest interface out of all of them.
First you do apr_ldap_init(...secure = 0...), then you do apr_set_option() for client certs and starttls/ssl, then you do ldap_bind().
The secure flag in apr_ldap_init() can be for legacy toolkits that cannot support upgrading the connection after the fact, but my research so far hasn't uncovered any toolkit where this is a problem.
Regards, Graham --
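A constructed model of the dispatch and call ordering proposed above, added here and not part of the original thread or of APR: toolkit names, option and state enums, the conn struct and the *_model functions are all assumed, and the toolkit entry points are recorded in a log string rather than called, since no LDAP SDK is linked. It adds the one check the ordering implies: cert and key are refused once the TLS handshake has run, and every option is refused after the bind.

```c
#include <string.h>

/* Constructed model of the proposed apr_ldap_set_option() dispatch; not APR code. */
enum toolkit { TK_OPENLDAP, TK_NOVELL };
enum option  { OPT_CLIENT_CERT, OPT_CLIENT_KEY, OPT_START_TLS, OPT_OTHER };
enum state   { ST_INIT, ST_TLS, ST_BOUND };

struct conn {
    enum toolkit toolkit;
    enum state state;
    const char *cert, *key;   /* values handed to the toolkit */
    char log[160];            /* which toolkit entry point each option dispatched to */
};

static void note(struct conn *c, const char *call) {
    strncat(c->log, call, sizeof(c->log) - strlen(c->log) - 1);
}

/* Returns 0 on success, -1 if the option is refused. Options that shape the TLS
 * session are only accepted while they can still take effect: cert/key before
 * the handshake, everything before the bind. */
int apr_ldap_set_option_model(struct conn *c, enum option opt, const char *value) {
    if (c->state == ST_BOUND) return -1;
    if ((opt == OPT_CLIENT_CERT || opt == OPT_CLIENT_KEY) && c->state == ST_TLS) return -1;
    if (c->toolkit == TK_NOVELL) {
        if (opt == OPT_CLIENT_CERT) { c->cert = value; note(c, "ldapssl_set_client_cert;"); return 0; }
        if (opt == OPT_CLIENT_KEY)  { c->key = value;  note(c, "ldapssl_set_client_private_key;"); return 0; }
        if (opt == OPT_START_TLS)   { c->state = ST_TLS; note(c, "ldapssl_start_tls;"); return 0; }
    }
    /* Default path from the pseudocode: the toolkit's generic ldap_set_option(). */
    if (opt == OPT_START_TLS) c->state = ST_TLS;
    note(c, "ldap_set_option;");
    return 0;
}

int apr_ldap_bind_model(struct conn *c) {
    if (c->state == ST_BOUND) return -1;
    c->state = ST_BOUND;
    note(c, "ldap_bind;");
    return 0;
}

/* The sequence from the message: init with secure = 0, options, then bind.
 * Returns 0 when every step succeeds, non-zero otherwise. */
int run_novell_sequence(struct conn *c) {
    memset(c, 0, sizeof *c);
    c->toolkit = TK_NOVELL;
    return apr_ldap_set_option_model(c, OPT_CLIENT_CERT, "client.der")   /* constructed paths */
        || apr_ldap_set_option_model(c, OPT_CLIENT_KEY, "client.key")
        || apr_ldap_set_option_model(c, OPT_START_TLS, NULL)
        || apr_ldap_bind_model(c);
}
```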