I am trying to implement a function that uses LDAP over SSL (SSL, not TLS). It needs to connect to an LDAP server with SSL support (for example, OpenLDAP), bind, and then execute any additional requests. It also needs to support client authentication, and this is where it gets complicated: the client is a web application written in Ruby, and we use RubyLDAP (so far we have used it for non-SSL LDAP files with great success).
My question is: is there a way to upload the client certificate and send its wiring information to the LDAP server when running LDAP::SSLConn? I did not find anything obvious in the API docs (http://ruby-ldap.sourceforge.net/rdoc/), nor in a Google search.
I know that I can prevent the server from requesting a certificate by placing the following in slapd.conf (OpenLDAP):
TLSVerifyClient never
However, this is not an option here.
Thanks,
Marcelo.