rhussmann / RHLDAPSearch

RHLDAPSearch provides a simple wrapper around OpenLDAP to facilitate its use (LDAP searches) on the iPhone.
http://www.rhussmann.com
MIT License

LDAP TLS Connections #1

Open Rich2k opened 14 years ago

Rich2k commented 14 years ago

This is a great resource and I've actually got an initial implementation. The problem I have is twofold:

1) I need to connect either over SSL or TLS (I'm trying TLS at the moment) and I notice that your build scripts disable TLS.

2) I try to build on Snow Leopard and literally from a copy and paste to my openldap directory I get

/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/lipo: specifed architecture type (arm) for file (lnsout/libldap.a.arm) does not match it's cputype (7) and cpusubtype (3) (should be cputype (12) and cpusubtype (0))

rhussmann commented 14 years ago

Regarding 2, did you use the fat_build_snow_leopaord.sh file in the utils directory? I attempted to recreate the issues using the latest stable version of OpenLDAP (2.4.21), but was successfully able to build the libraries.

With regards to 1, TLS is disabled because the crypto system on the iPhone appears to be different from that on the Mac. I haven't put much effort into supporting the crypto portions of the library because it wasn't necessary for the project this was originally created for.

With that said, I do have an interest in adding crypto support to an OpenLDAP compilation for the iPhone. If you're willing to help test some of the functionality (as I don't have a developers license) I'll start working towards including this support.

Rich2k commented 14 years ago

Absolutely, I'd be more than happy to. At the moment I'm working on an alternative branch, trying to use ldap_error = ldap_set_option(_ldap_context, LDAP_OPT_ENCRYPT, &enc); to set a password. It isn't rejecting it, but at the same time it's not saving it either, just coming back with an LDAP_SUCCESS message.

Rich2k commented 14 years ago

Regarding 2, I found that it seems to occur on a second build; cleaning it down totally and rebuilding fixes it.

I've managed today to install the openssl headers (you need to use 0.9.7 rather than 0.9.8 that OS X comes with) and the build process finds and uses the SSL library but still won't build TLS support.

Rich2k commented 14 years ago

OK, I've been playing and it seems that I need either a connection over TLS (which requires openssl support) or a version that uses LDAP_OPT_ENCRYPT, which seems to require Kerberos (and SASL?).

Trying to build both gives an error that the versions available on OS X are unusable.

Getting a bit stuck now and beyond my comfort zone :)

Am more than happy to test on a device as I have an active developer license for the iPhone

rhussmann commented 14 years ago

The issue is that the iPhone SDK has no libssl (which is a dependency for OpenLDAP). After some playing around I've successfully built OpenLDAP with TLS support for the device (ARM static libraries), but I haven't had much luck with the simulator.

It looks like you'll have to compile OpenSSL in addition to OpenLDAP for this workflow to be successful. I'm trying to build a set of scripts that makes the process less painful...

Rich2k commented 14 years ago

That would be amazing if you could get it working on both simulator and device, obviously device is the most important but at the moment I'm entirely testing on simulator whilst developing.

I don't know why they can't emulate properly on the simulator rather than having to build fat libraries.
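
The thread is about getting a TLS-capable libldap onto the device; once such a build exists, the client side requests the encrypted channel with StartTLS before any credentials are sent. The following is an added example, not part of the original thread or of RHLDAPSearch: the `Example…` names are hypothetical, and it assumes OpenLDAP 2.4's libldap built with TLS support and a CA file, host, DN and password supplied by the caller.

```objective-c
// Added example, not RHLDAPSearch code. Assumes libldap from OpenLDAP 2.4 built
// with TLS support; host, CA file, DN and password are caller-supplied.
#import <Foundation/Foundation.h>
#include <string.h>
#include <ldap.h>

// Close the handle and report the failing step; the caller gets no connection.
static LDAP *ExampleFail(LDAP *ld, NSString *step, int rc, NSError **error) {
    if (ld) ldap_unbind_ext_s(ld, NULL, NULL);
    if (error) {
        *error = [NSError errorWithDomain:@"ExampleLDAPTLS" code:rc
                                 userInfo:@{NSLocalizedDescriptionKey: step}];
    }
    return NULL;
}

static BOOL ExampleSet(LDAP *ld, int option, const void *value) {
    return ldap_set_option(ld, option, value) == LDAP_OPT_SUCCESS;
}

// Returns a bound handle only after StartTLS succeeded with a verified certificate.
LDAP *ExampleBindOverStartTLS(NSString *host, NSString *caFile, NSString *bindDN,
                              NSString *password, NSError **error) {
    LDAP *ld = NULL;
    NSString *uri = [NSString stringWithFormat:@"ldap://%@:389", host];
    int rc = ldap_initialize(&ld, [uri UTF8String]);
    if (rc != LDAP_SUCCESS) return ExampleFail(NULL, @"ldap_initialize", rc, error);

    int version = LDAP_VERSION3;         // StartTLS is an LDAPv3 extended operation
    int demand = LDAP_OPT_X_TLS_DEMAND;  // refuse servers whose certificate fails validation
    int client = 0;                      // 0 asks NEWCTX for a client-side TLS context
    if (!ExampleSet(ld, LDAP_OPT_PROTOCOL_VERSION, &version) ||
        !ExampleSet(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &demand) ||
        !ExampleSet(ld, LDAP_OPT_X_TLS_CACERTFILE, [caFile fileSystemRepresentation]) ||
        !ExampleSet(ld, LDAP_OPT_X_TLS_NEWCTX, &client)) {
        return ExampleFail(ld, @"ldap_set_option", LDAP_OPT_ERROR, error);
    }

    // Fail closed: if the upgrade fails, no bind is attempted and the
    // password never crosses the wire in cleartext.
    rc = ldap_start_tls_s(ld, NULL, NULL);
    if (rc != LDAP_SUCCESS) return ExampleFail(ld, @"ldap_start_tls_s", rc, error);

    struct berval cred;
    cred.bv_val = (char *)[password UTF8String];
    cred.bv_len = strlen(cred.bv_val);
    rc = ldap_sasl_bind_s(ld, [bindDN UTF8String], LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
    if (rc != LDAP_SUCCESS) return ExampleFail(ld, @"ldap_sasl_bind_s", rc, error);
    return ld;  // caller releases with ldap_unbind_ext_s()
}
```

A `nil` return with `ldap_start_tls_s` as the failing step means the library was built without TLS or the server certificate did not validate against the supplied CA file.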