https://bugzilla.novell.com/show_bug.cgi?id=662949

https://bugzilla.novell.com/show_bug.cgi?id=662949#c5

Ralf Haferkamp <rhafer@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|rhafer@novell.com           |jsuchome@novell.com

--- Comment #5 from Ralf Haferkamp <rhafer@novell.com> 2011-01-10 13:54:18 CET ---

Implementing the TLS settings in ldap-agent doesn't seem to be very hard.
However, I have a hard time integrating that into Ldap.ycp (and ldap-client)
in general, as I don't know that code well enough. It would be nice if you
could take a look at that.

To change the TLS settings you can use the TlsOptions class of the LDAP C++
library (as it is available on Factory). To change the options globally (for
all new LDAPConnections) you just instantiate a TlsOptions object and call
setOption like this:

    TlsOptions tls;
    tls.setOption( TlsOptions::CACERTFILE, cacertfile );
    tls.setOption( TlsOptions::CACERTDIR, cacertdir );
    tls.setOption( TlsOptions::REQUIRE_CERT, TlsOptions::DEMAND );

To change the TLS settings of an existing LDAPConnection object you need to
construct the TlsOptions object like this:

    TlsOptions tls = ldap->getTlsOptions();

Note that changing the TLS options only works before the SSL/TLS session on
an LDAP connection has been established (and that's probably the hard part,
but there is not much I can change about that). I.e. you must change the
TlsOptions before the first call to start_tls(). That means that in order to
apply changed TLS settings when the LDAP agent has already established an
SSL/TLS connection you need to close and destroy that connection (unbind())
and create a new one.