Sean McKay wrote:
I was not able to get the LDAPS server to respond to the query so out of
despiration, I thought I'd try HTTPS -- if I remember right, I think
Microsoft uses a non-standard for LDAPS that I can't remember right now.
I am aware of one incompatability in the LDAP world. This causes OpenLDAP
to be incompatable with both the IBM Directory Server and I believe with
Microsoft as well. This is due to a modification to the way that LDAP
does encoding to thwart a possible attack method, unfortunately, neither
of these products interworks with the thwart.
Interestingly enough, the Perl Net::LDAPS works fine with EITHER kind of
server. It is totally written in Perl so does not use any of these
libraries.
You might try to see if you can set a bit in OpenLDAP that passes
through to OpenSSL that says "don't implement the thwart". I had a
conjecture that this might work (I was working in PHP at the time)
but never had a chance to test it out.
But there is clearly an incompatability, and we had to do local code to
make the Apache SSL stuff work with a "special library" IBM donated
to us.
I might be able to post a URL for a technical explanation if anybody
is interested in seeing it.
--
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
