Thanks for the reply. How can the file-based access in OpenLDAP be replaced with Windows certificate store access? We have the functionality to access the Windows certificate store, but how do we integrate it with OpenLDAP?

Regards,
Pramod

On Fri, Aug 2, 2013 at 10:57 PM, Michael Ströder <[email protected]> wrote:

> Aaron Richton wrote:
> > On Fri, 2 Aug 2013, pramod kulkarni wrote:
> >
> >> Hi, I need information on how to configure OpenLDAP server in the slapd.conf
> >> to look for certificates from Windows certificate store?
> >> Currently I am using certificates from file in a path.
> >>
> >> Waiting for your inputs.
> >
> > In libraries/libldap you'll find
> >
> > tls_g.c tls_m.c tls_o.c
> >
> > which are for GnuTLS, MozNSS, and OpenSSL respectively. I'd imagine that the
> > Right Thing would be to make a new file here, that utilizes the Windows crypto
> > APIs (therefore accessing the Windows certificate stores).
>
> You're talking about implementing a wrapper around Windows' schannel DLL which
> in turn uses CAPI key stores.
>
> Another also rather hypothetical approach:
> I vaguely remember that someone wrote a PKCS#11 provider for accessing CAPI
> keystore which could be used in libnss and therefore in OpenLDAP (tls_m.c).
> It would be a lot of work to get that going - something for adventurers with
> lots of spare time. ;-}
>
> Ciao, Michael.
