List: openldap-software
Subject: Re: More SASL/SSL questions.
From: Howard Chu <hyc () symas ! com>
Date: 2004-06-12 1:49:08
Message-ID: 40CA6114.6070300 () symas ! com
Ben Bargabus wrote:

> Hello,
> I'm still a bit confused about SASL and SSL from a client programming
> perspective (and the almost complete lack of documentation doesn't help
> much).

> 1. Does a SASL bind produce an encrypted session for any communication
> that follows the authentication or does it just encrypt the bindDN and
> credentials?

In general, what SASL does is left to the SASL documentation. To answer
your question, if a particular SASL mechanism supports session
encryption then OpenLDAP will use that feature by default. You can set
the SASL security properties to disable these mechanisms if you want.

> 2. Is there ANY documentation for ldap_sasl_bind_s() that describes its
> arguments and return value?

The arguments and return values are spelled out in the source code. In
general, this function is not what you want though, you should be using
ldap_sasl_interactive_bind_s() instead because it handles all the
interactions with the SASL library and it's a pain to manage that yourself.

> 3. Is there ANY documentation for ldap_initialize()? Particularly I'm
> wondering how to use it to create an SSL session (is it as simple as
> ldap_initialize(&ld, "ldaps://myserver.com:636")). Is there a better
> way to create an SSL session?

Yes, it's as simple as that.

> 4. If the answer to 2 and/or 3 is no can someone please explain them?

When you're writing your own LDAP client for the first time, it's often
easiest to use existing code as an example. In this case, you should be
looking at the code in clients/tools as a canonical example of how to do
just about everything.

--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
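
Added example, not part of the message above and not OpenLDAP code: a small C checker that reads a SASL security properties string (the value a client passes with LDAP_OPT_X_SASL_SECPROPS) and reports whether a SASL bind under it may, must, or cannot carry a session security layer. The helper names, the verdict enum and the assumed defaults (minssf=0, no upper limit) are choices made for this example; the property names follow ldap.conf(5).

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* SSF: 0 = no protection, 1 = integrity only, >1 = roughly the cipher key length. */
enum layer { LAYER_INVALID, LAYER_DISABLED, LAYER_OPTIONAL,
             LAYER_INTEGRITY_REQUIRED, LAYER_ENCRYPTION_REQUIRED };

/* Read the decimal number that follows "key" in tok; returns 0 on success. */
static int ssf_value(const char *tok, const char *key, unsigned long *out)
{
    size_t n = strlen(key);
    char *end;
    if (strncmp(tok, key, n) != 0 || tok[n] < '0' || tok[n] > '9') return -1;
    *out = strtoul(tok + n, &end, 10);
    return *end == '\0' ? 0 : -1;
}

/* Hypothetical helper: what a security properties string means for the session. */
enum layer classify_secprops(const char *props)
{
    static const char *flags[] = { "none", "noplain", "noactive", "nodict",
                                   "noanonymous", "forwardsec", "passcred" };
    unsigned long minssf = 0, maxssf = INT_MAX, v;  /* assumed defaults */
    char buf[256], *tok;
    size_t i, nflags = sizeof flags / sizeof *flags;
    if (strlen(props) >= sizeof buf) return LAYER_INVALID;
    strcpy(buf, props);
    for (tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
        if (ssf_value(tok, "minssf=", &v) == 0) { minssf = v; continue; }
        if (ssf_value(tok, "maxssf=", &v) == 0) { maxssf = v; continue; }
        if (ssf_value(tok, "maxbufsize=", &v) == 0) continue;
        for (i = 0; i < nflags && strcmp(tok, flags[i]) != 0; i++) {}
        if (i == nflags) return LAYER_INVALID;  /* unknown property */
    }
    if (minssf > maxssf) return LAYER_INVALID;  /* no mechanism can satisfy it */
    if (maxssf == 0) return LAYER_DISABLED;     /* authentication only */
    if (minssf == 0) return LAYER_OPTIONAL;     /* layer used only if offered */
    return minssf == 1 ? LAYER_INTEGRITY_REQUIRED : LAYER_ENCRYPTION_REQUIRED;
}

int main(void)
{
    /* Constructed sample strings, not taken from the original message. */
    const char *s[] = { "noanonymous,noplain", "maxssf=0", "noplain,minssf=128" };
    for (size_t i = 0; i < sizeof s / sizeof *s; i++)
        printf("%-20s -> %d\n", s[i], (int)classify_secprops(s[i]));
    return 0;
}
```

The verdict covers the SASL layer only; a connection opened with an ldaps:// URI is already inside TLS before any bind happens.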