rlm_ldap and TLS
Frank Cusack
fcusack at fcusack.com
Wed Jan 3 05:50:12 CET 2007

Hi Kostas et al.

I'm writing support for openldap and start tls into my own application,
and have run into trouble and was wondering how rlm_ldap is accomplishing
some things.

From rlm_ldap.c in CVS,

Line 2088, on what systems is ldap_int_tls_config() exposed? This is
available in libldap (sloppy on OpenLDAP's part IMHO) but not in ldap.h.
I was just wondering if some systems might patch ldap.h to contain the
prototype for ldap_int_tls_config(), since it seems a mistake on OpenLDAP's
part to have it be an internal function. Or is it the case that
building rlm_ldap against TLS requires source code for OpenLDAP to be
available somewhere?

Line 2099 and following, on what systems do the LDAP_OPT_X_TLS_* functions
(besides LDAP_OPT_X_TLS_REQUIRE_CERT, set via ldap_int_tls_config() above)
work using ldap_set_option()? I can only get these to work with
ldap_int_tls_config() and from a brief OpenLDAP code inspection it seems
that is the only way they are available. i.e., these options appear to
only be available by way of /etc/openldap/ldap.conf (i.e., LDAP_CONF_FILE)
when ldap_initialize() et al. are called. yuk.

Lastly, the options being set are OpenLDAP-specific, and do not seem
to be present in the Sun/Netscape API, so I am just assuming that these
are dependent on OpenLDAP and not some other libldap.

This is against openldap-2.3.31. It may be the case that
ldap_int_tls_config() was exposed in some earlier version, and that
some of the LDAP_OPT_X_TLS_* functions were available via ldap_set_option().
But I'm thinking that maybe there are no users of start tls functionality
in rlm_ldap.

thanks
-frank