Posted to dev@apr.apache.org by Eric Covener <co...@gmail.com> on 2007/01/11 17:40:10 UTC

[PATCH] Support for Tivoli Directory Server LDAP SDK in apr-util

Attached is a patch for allowing aprutil LDAP to use the Tivoli
Directory Server SDK from IBM.

Simple SSL connections work without any explicit configuration because
the SDK ships with a Key Database that contains the usual public CAs.
This Key Database, used for Certificate Authorities and private keys,
can only effectively be set during the one-time
ldap_ssl_client_init()/apr_ldap_ssl_init(), and this does work via
apr-util if the application passes in the cert_auth_file.

A private key can be selected for client authentication during the
per-connection ldap_ssl_init()/apr_ldap_init(), but this doesn't mesh
very well with the current apr-util LDAP interface.  Allowing this
would only require an additional char* passed to apr_ldap_init().

Neither the keyring nor the name of the private cert is settable via
the ldap_set_option interface, which unfortunately differs from other
supported LDAP SDKs.

I was able to get a small test program to work over SSL, as well as
httpd with a tiny change to actually pass the "secure" parameter to
apr_ldap_init().

v5.2 SDK readme:
http://publib.boulder.ibm.com/tividd/td/IBMDS/IDSCreadme52/en_US/HTML/client.htm
v5.2 SDK programmers reference:
http://publib.boulder.ibm.com/tividd/td/IBMDS/IDSprogref52/en_US/HTML/progref.htm
Product Page: (appears client/SDK bundled in large ldap server package)
http://www-306.ibm.com/software/tivoli/products/directory-server/

--
Eric Covener
covener@gmail.com

Re: [PATCH] Support for Tivoli Directory Server LDAP SDK in apr-util

Posted by Eric Covener <co...@gmail.com>.
On 1/11/07, Graham Leggett <mi...@sharp.fm> wrote:
> Eric Covener wrote:
>
> > Attached is a patch for allowing aprutil LDAP to use the Tivoli
> > Directory Server SDK from IBM.
>
> Can you attach this to a bug report in bugzilla so it doesn't fall
> through the cracks?

http://issues.apache.org/bugzilla/show_bug.cgi?id=41351


-- 
Eric Covener
covener@gmail.com

Re: [PATCH] Support for Tivoli Directory Server LDAP SDK in apr-util

Posted by Graham Leggett <mi...@sharp.fm>.
Eric Covener wrote:

> Attached is a patch for allowing aprutil LDAP to use the Tivoli
> Directory Server SDK from IBM.

Thanks for this, this is awesome - I am currently swamped until next 
week (when I get to go on a week holiday where I get to do whatever I 
like, including absolutely nothing if I so choose... yay!) so cannot get 
to this (and there are other patches I need to sort out).

Can you attach this to a bug report in bugzilla so it doesn't fall 
through the cracks?

Regards,
Graham
--