```c
#include <ldap.h>
#include <ldapssl.h>

int ldap_app_ssl_client_init_np(
        char *dcm_identifier,
        int *pSSLReasonCode)
```
The ldap_app_ssl_client_init_np() function is an LDAP V3 function used to initialize the LDAP client, using the Digital Certificate Manager (DCM) to control the digital certificate, in preparation for making a secure connection (using Secure Sockets Layer (SSL)) to an LDAP server.
ldap_app_ssl_client_init_np() must be called prior to ldap_app_ssl_init_np() to establish a connection, and prior to any kind of ldap_bind(), whether it be an ldap_sasl_bind_s() or an ldap_simple_bind_s(). ldap_app_ssl_client_init_np() must be called only once per job, while multiple ldap_app_ssl_init_np() calls or secure connections can be made, allowing one DCM initialization to serve many connections. Once the secure connection is established, all subsequent LDAP messages that flow over the secure connection are encrypted, including the ldap_bind() parameters, until ldap_unbind() is called.
Either ldap_ssl_client_init() or ldap_app_ssl_client_init_np() (but not both) can be called in an application process. If you are not going to use SSL client authentication (LDAP SASL bind with the EXTERNAL mechanism), use ldap_ssl_client_init().
*R authority is needed to the selected Certificate Store and *X to the associated directories.
Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.
The following scenario depicts the recommended calling sequence where the entire set of LDAP transactions is "protected" by using a secure SSL connection:

```c
rc = ldap_app_ssl_client_init_np (dcm_identifier, &reasoncode);
ld = ldap_app_ssl_init_np(ldaphost, ldapport );
rc = ldap_set_option( ld, LDAP_OPT_SSL_CIPHER, &ciphers);
rc = ldap_sasl_bind_s( ld, NULL, LDAP_MECHANISM_EXTERNAL, NULL, NULL, NULL );
/* ...additional LDAP API calls */
rc = ldap_unbind( ld );
```
The following scenario depicts the calling sequence for multiple connections using one DCM identifier:
```c
rc = ldap_app_ssl_client_init_np (dcm_identifier, &reasoncode);
ld = ldap_app_ssl_init_np(ldaphost, ldapport );
rc = ldap_set_option( ld, LDAP_OPT_SSL_CIPHER, &ciphers);
rc = ldap_sasl_bind_s( ld, NULL, LDAP_MECHANISM_EXTERNAL, NULL, NULL, NULL );

/* For multiple secure connections using the same dcm_identifier. */
/* Each bind is issued on the handle that was just created. */
ld1 = ldap_app_ssl_init_np(ldaphost, ldapport );
rc = ldap_sasl_bind_s( ld1, NULL, LDAP_MECHANISM_EXTERNAL, NULL, NULL, NULL );
ld2 = ldap_app_ssl_init_np(ldaphost, ldapport );
rc = ldap_sasl_bind_s( ld2, NULL, LDAP_MECHANISM_EXTERNAL, NULL, NULL, NULL );
/* ...additional LDAP API calls */
rc = ldap_unbind( ld );
rc = ldap_unbind( ld1 );
rc = ldap_unbind( ld2 );
```
If ldap_app_ssl_client_init_np() is not successful, it returns an LDAP error code. See LDAP Client API Error Conditions for possible LDAP error code values.
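The scenarios above ignore rc and the reason code, and nothing in them prevents a second initialization in the same job. The following added example (not IBM's code) wraps the init call in a guard that enforces the once-per-job rule, records the LDAP error code and SSL reason code, and gates connection creation on a successful init. The guard type, its return codes and the fake_init_* stand-ins are hypothetical names used so the block builds without the IBM i headers; treating a failed init as final for the job is an assumption, since the page does not say whether a retry is allowed.

```c
#include <stddef.h>

/* Same signature as ldap_app_ssl_client_init_np() in the synopsis. */
typedef int (*dcm_init_fn)(char *dcm_identifier, int *pSSLReasonCode);
/* Hypothetical wrapper codes; these are not LDAP error codes. */
enum { GUARD_OK = 0, GUARD_ALREADY_DONE = -1, GUARD_INIT_FAILED = -2, GUARD_BAD_ARG = -3 };
enum guard_state { NOT_INITIALIZED = 0, DCM_READY, DCM_FAILED };

struct ssl_guard {
    enum guard_state state;
    int ldap_rc;      /* LDAP error code returned by the init call */
    int ssl_reason;   /* value written to pSSLReasonCode */
};

/* Runs the DCM initialization at most once per job (use one guard per job). */
int guard_dcm_init(struct ssl_guard *g, dcm_init_fn init, char *dcm_id)
{
    if (g == NULL || init == NULL || dcm_id == NULL || dcm_id[0] == '\0')
        return GUARD_BAD_ARG;
    if (g->state != NOT_INITIALIZED)
        return GUARD_ALREADY_DONE;          /* never call the API twice */
    g->ssl_reason = 0;
    g->ldap_rc = init(dcm_id, &g->ssl_reason);
    if (g->ldap_rc != 0) {                  /* 0 is LDAP_SUCCESS */
        g->state = DCM_FAILED;              /* keep rc and reason for logging */
        return GUARD_INIT_FAILED;
    }
    g->state = DCM_READY;
    return GUARD_OK;
}

/* Gate for ldap_app_ssl_init_np(): connect only after a successful init. */
int guard_may_connect(const struct ssl_guard *g)
{
    return g != NULL && g->state == DCM_READY;
}

/* Constructed stand-ins for the real API and its inputs (not IBM i values). */
char sample_dcm_id[] = "CONSTRUCTED_APP_ID";
int fake_init_calls = 0;
int fake_init_ok(char *id, int *reason) { (void)id; *reason = 0; fake_init_calls++; return 0; }
int fake_init_fail(char *id, int *reason) { (void)id; *reason = 7; fake_init_calls++; return 1; }

int main(void)
{
    struct ssl_guard job = { NOT_INITIALIZED, 0, 0 };
    guard_dcm_init(&job, fake_init_ok, sample_dcm_id);
    return guard_may_connect(&job) ? 0 : 1;
}
```

On IBM i, pass ldap_app_ssl_client_init_np itself as the init argument and call guard_may_connect() before each ldap_app_ssl_init_np(). The guard is not thread-safe, so a multithreaded job must serialize the init call.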
The following message may be sent from this function.
Message ID | Error Message Text |
---|---|
CPF3CF2 E | Error(s) occurred during running of ldap_ssl_client_init_np API. |