Hi, OpenLDAP developers,

I have been able to successfully write a simple C program using the OpenLDAP 
C-SDK to establish a connection to Microsoft Active Directory Server over SSL.

In my test program, I call ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, 
cert_path) to set the path to a directory where all my CA Root certificates are.

OpenLDAP uses OpenSSL's format of certificate management: the trusted CA Root 
Certificates are no longer imported into a single file (aka the certificate 
store).  OpenSSL hashes the certificate file (.pem format) and uses a symbolic 
link to link to the actual certificate.pem file.

Here's content of my cert_path dir:

wud2@pleoski:[/emc/wud2/ldap_certdb]> ls -altr
total 80
-rw-r--r--   1 wud2     dctmuser    1688 Sep 16 09:36 ldap112_rootca.pem
drwxr-xr-x   2 wud2     dctmuser    1024 Sep 16 09:37 ./
lrwxrwxrwx   1 wud2     dctmuser      18 Sep 16 10:11 e8332e5a.0 -> ldap112_rootca.pem
drwxr-xr-x  67 wud2     dctmuser    9216 Oct 14 14:04 ../


I am trying to write a Java LDAP client program using Novell's JLDAP to connect 
to Microsoft Active Directory server, over SSL.  I would like to use my current 
cert_path (listed above) to establish LDAP SSL connection, in Java.

I found an example listed on the Novell site:
http://developer.novell.com/documentation/samplecode/jldap_sample/security/SSLConnection.java.html

           // Dynamically set JSSE as a security provider
            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

           // Dynamically set the property that JSSE uses to identify
           // the keystore that holds trusted root certificates
            System.setProperty("javax.net.ssl.trustStore", path);

As you can see, in this Java example, the "path" value is expected to be 
"keystore file that holds trusted root certificates".

But in my case, I only have a directory where trusted root certificates are 
present.  I don't exactly have a single keystore file.

So, my question is, what is the Java equivalent for ldap_set_option( NULL, 
LDAP_OPT_X_TLS_CACERTDIR, cert_path)?

Any comments/input would be much appreciated.

Thanks.

Daisy
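A Java-side equivalent of LDAP_OPT_X_TLS_CACERTDIR, as an added example that is not part of the original post, the Novell sample, or the JLDAP project. JSSE has no "trust directory" option, so the closest equivalent is to build an in-memory KeyStore from every certificate file in the directory, hand it to a TrustManagerFactory, and give the resulting SSLSocketFactory to JLDAP. The directory path is the one from the post; the host, bind DN and password are hypothetical placeholders; the JLDAP classes LDAPJSSESecureSocketFactory (with its SSLSocketFactory constructor) and LDAPConnection are assumed from the JLDAP API rather than taken from the page.

```java
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Assumed JLDAP classes (not shown on the page).
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPJSSESecureSocketFactory;

public class CaCertDirTrust {

    /**
     * Load every X.509 certificate found directly under certDir into an
     * in-memory trust store.  Mirrors LDAP_OPT_X_TLS_CACERTDIR: PEM files are
     * read as they are, and the OpenSSL hash symlinks (e8332e5a.0 -> x.pem)
     * are followed but de-duplicated so each CA appears once.
     */
    public static KeyStore loadCaCertDir(Path certDir) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);                       // start with an empty store
        int added = 0;
        try (DirectoryStream<Path> entries = Files.newDirectoryStream(certDir)) {
            for (Path p : entries) {
                if (!Files.isRegularFile(p)) continue; // follows symlinks, skips dirs
                Collection<? extends Certificate> certs;
                try (InputStream in = Files.newInputStream(p)) {
                    certs = cf.generateCertificates(in); // PEM or DER, possibly several
                } catch (CertificateException e) {
                    continue;                         // not a certificate file; skip it
                }
                for (Certificate c : certs) {
                    // The hash symlink points at a PEM already loaded under its own name.
                    if (trust.getCertificateAlias(c) != null) continue;
                    trust.setCertificateEntry("ca-" + (added++), c);
                }
            }
        }
        if (added == 0) {
            // Fail closed: an empty trust store would reject every server anyway,
            // but this error is easier to diagnose than a bare handshake failure.
            throw new IllegalStateException("no CA certificates found in " + certDir);
        }
        return trust;
    }

    /** Build a JSSE socket factory that trusts exactly the CAs in the given store. */
    public static SSLSocketFactory socketFactoryFor(KeyStore trust) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);  // no client cert, default RNG
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        Path certDir = Paths.get("/emc/wud2/ldap_certdb");      // directory from the post
        String host = "ad.example.com";                          // hypothetical AD server
        String bindDn = "CN=svc-ldap,OU=Service,DC=example,DC=com"; // hypothetical
        String password = "changeme";                            // hypothetical

        SSLSocketFactory ssf = socketFactoryFor(loadCaCertDir(certDir));

        // Assumed JLDAP API: wrap the JSSE factory and pass it to the connection.
        LDAPConnection conn = new LDAPConnection(new LDAPJSSESecureSocketFactory(ssf));
        try {
            conn.connect(host, 636);                             // LDAPS
            conn.bind(LDAPConnection.LDAP_V3, bindDn, password.getBytes("UTF8"));
            System.out.println("TLS bind OK as " + conn.getAuthenticationDN());
        } finally {
            if (conn.isConnected()) conn.disconnect();
        }
    }
}
```

Two things the directory-based approach does not give you for free: the trust manager only checks that the server's chain ends at one of the loaded CAs, so host-name verification (that the certificate actually names the AD server you connected to) still has to be handled by the LDAP library or by the caller, and the store is built once at startup, so a CA added to the directory later is not picked up until the factory is rebuilt.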
