#include <ldap.h> #include <ldapssl.h> LDAP *ldap_app_ssl_init_np( char *host, int port)
The ldap_app_ssl_init_np() routine is used to initialize a secure SSL session with a server. Note that the server is not actually contacted until an operation is performed that requires it, allowing various options to be set after initialization. Once the secure connection is established, all subsequent LDAP messages that flow over the secure connection are encrypted, including the ldap_simple_bind() parameters, until ldap_unbind() is called.
Note that when connecting to an LDAP V2 server, one of the ldap_simple_bind() or ldap_bind() calls must be completed before other operations can be performed on the session (with the exception of ldap_set/get_option()). The LDAP V3 protocol does not require a bind operation before performing other operations.
The ciphers for the encryption of the connection are based on the current Crypto Access Provider licensed program loaded. See ldap_get or set_option() for more information on setting the ciphers to be used.
*R authority is needed to the selected Certificate Store and *X to the associated directories.
Explicit Host List | Specifies the name of the host on which the LDAP
server is running. The host parameter may contain a blank-separated list of
hosts to try to connect to, and each host may optionally be of the form
host:port. If present, the :port overrides the port parameter.
The following are typical examples: ld=ldap_app_ssl_init_np ("server1", ldaps_port);ld=ldap_app_ssl_init_np ("server2:1200", ldaps_port); ld=ldap_app_ssl_init_np ("server1:800 server2:2000 server3", ldaps_port); |
Localhost | If the host parameter is null, it is assumed that the LDAP server is running on the local host. |
Default Hosts | If the host parameter is set to "ldaps://" the LDAP library
will attempt to locate one or more default LDAP servers, with SSL ports, using
the SecureWay® ldap_server_locate()
function. The port specified on the call is ignored, since
ldap_server_locate() returns the port.
For example, the following two are equivalent: ld=ldap_app_ssl_init_np ("ldaps://", ldaps_port);ld=ldap_app_ssl_init_np (LDAPS_URL_PREFIX, LDAPS_PORT); If more than one default server is located, the list is processed in sequence, until an active server is found. The LDAP URL can include a Distinguished Name, used as a filter for selecting candidate LDAP servers based on the server's suffix (or suffixes). If the most significant portion of the DN is an exact match with a server's suffix (after normalizing for case), the server is added to the list of candidate servers. For example, the following will only return default LDAP servers that have a suffix that supports the specified DN: ld=ldap_app_ssl_init_np ("ldaps:///cn=fred, dc=austin, dc=ibm, dc=com", LDAPS_PORT)In this case, a server that has a suffix of "dc=austin, dc=ibm, dc=com" would match. If more than one default server is located, the list is processed in sequence, until an active server is found. If the LDAP URL contains a host name and optional port, the host is used to create the connection. No attempt is made to locate the default server(s), and the DN, if present, is ignored. For example, the following two are equivalent: ld=ldap_app_ssl_init_np ("ldaps://myserver", LDAPS_PORT);ld=ldap_app_ssl_init_np ("myserver", LDAPS_PORT); |
Local Socket | If the host parameter is prefixed with "/", the host parameter is assumed to be the name of a UNIX® socket (that is, socket family is AF_UNIX) and port is ignored. This will fail for ldap_app_ssl_init_np() because UNIX sockets do not support SSL, nor is it necessary since data will not be flowing over the network. |
Host with Privileged Port | If a specified host is prefixed with "privport://", then the
LDAP library will use the rresvport() function to attempt to
obtain one of the reserved ports (512 through 1023), instead of an "ephemeral"
port. The search for a reserved port starts at 1023 and stops at 512. If a
reserved port cannot be obtained, ldap_app_ssl_init_np() will
fail.
For example: ld=ldap_app_ssl_init_np ("privport://server1, ldaps_port");ld=ldap_app_ssl_init_np ("privport://server2:1200", ldaps_port); ld=ldap_app_ssl_init_np ("privport://server1:800 server2:2000 privport://server3", ldaps_port); |
ldap_app_ssl_init_np() will return NULL if not successful.
The following message may be sent from this function.
Message ID | Error Message Text |
---|---|
CPF3CF2 E | Error(s) occurred during running of ldap_app_ssl_init_np API. |
The following scenario depicts the recommended calling sequence where the entire set of LDAP transactions are protected by using a secure SSL connection.
Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.
rc = ldap_app_ssl_client_init_np (dcm_identifier, &reasoncode); ld = ldap_app_ssl_init_np(ldaphost, ldapport ); rc = ldap_set_option( ld, LDAP_OPT_SSL_CIPHER, &ciphers); rc = ldap_sasl_bind_s( ld, NULL, LDAP_MECHANISM_EXTERNAL, NULL, NULL, NULL ); ...additional LDAP API calls rc = ldap_unbind( ld );
[ Back to top | LDAP APIs | APIs by category ]