This really is a basic 'cert' issue. There's a ton of non-openldap coverage of this topic (self-signed and CA purchased certs).
In a nutshell, you'll need to provide a way for your customers to use a cert of their choosing, and let them sort out how to get their clients to trust the signer of that cert.

- chris

Chris Jacobs, Systems Administrator
Apollo Group | Apollo Marketing | Aptimus
2001 6th Ave Ste 3200 | Seattle, WA 98121
phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661
email: [email protected]

________________________________
From: [email protected] <[email protected]>
To: [email protected] <[email protected]>
Sent: Mon Jul 12 19:20:58 2010
Subject: Another question about LDAP over SSL

Hi everyone. I have another "duh" question.

I am writing software for a proprietary piece of hardware. I will be using the C libraries for openldap. I need to write some functions for LDAP so that the UI of the software has the option to authenticate a user via LDAP and LDAP over SSL. Basically it will just act like a client that will Simple Bind to the LDAP server for authentication.

I read the document here.

http://www.openldap.org/faq/data/cache/185.html

I followed the instructions on the website to generate the SSL certs. My question is, on the website above it says....

"You must also install a copy of the CA certificate on all of your client machines. Configuration is done in /usr/local/etc/openldap/ldap.conf:"

Does this mean I need to provide a way to the customer to manually transfer his/her CA cert to the proprietary hardware, if they want to use LDAP over SSL??? Or when I use the Start TLS function, do the certs automatically get transferred behind the scenes?

thanks
