ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/ldap_ssl_start.htm
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>ldap_ssl_start()--Start a Secure LDAP Connection</title>
<!-- Begin Header Records ========================================== -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- Direct1 SCRIPT J converted by B2H R4.1 (346) (CMS) by V2KEA304 -->
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09 -->
<!-- File Edited April 2001 -->
<!-- This file has undergone html cleanup on 2/19/02 by JET -->
<!--End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<!-- Java sync-link -->
<script language="Javascript" src="../rzahg/synch.js" type="text/javascript">
</script>
<a name="Top_Of_Page"></a>
<h2>ldap_ssl_start()--Start a Secure LDAP Connection</h2>
<div class="box" style="width: 70%;">
<br>
&nbsp;&nbsp;Syntax<br>
<pre>
#include &lt;ldap.h&gt;
#include &lt;ldapssl.h&gt;
int ldap_ssl_start(
LDAP *<em>ld</em>,
char *<em>keyring</em>,
char *<em>keyring_pw</em>,
char *<em>name</em> )
</pre>
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Library Name/Service Program: QSYS/QGLDCLNT<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<p>The <strong>ldap_ssl_start()</strong> function starts a secure
connection (using Secure Sockets Layer (SSL)) to an LDAP server. <strong>
ldap_ssl_start()</strong> accepts the <em>ld</em> returned by <a href=
"ldap_open.htm">ldap_open()</a> and performs an SSL handshake with the server.
<strong>ldap_ssl_start()</strong> must be called after <strong>
ldap_open()</strong> and before <strong>ldap_bind()</strong>. Once the secure
connection is established for the <em>ld</em>, all subsequent LDAP messages
that flow over it are encrypted, including the <strong>ldap_bind()</strong>
parameters (the bind DN and password), until <a href="ldap_unbind.htm">
ldap_unbind()</a> is called. If <strong>ldap_ssl_start()</strong> fails, the
connection opened by <strong>ldap_open()</strong> still exists but is not
protected; an application must not continue to <strong>ldap_bind()</strong> on
it, because the bind credentials would then be sent in the clear.</p>
<p>Although still supported, the <a href="ldap_ssl_start.htm">
ldap_ssl_start()</a> API is deprecated. Use <a href=
"ldap_ssl_client_init.htm">ldap_ssl_client_init()</a> with <a href=
"ldap_ssl_init.htm">ldap_ssl_init()</a>, or <a href=
"ldap_app_ssl_client_init_np.htm">ldap_app_ssl_client_init_np()</a> with <a
href="ldap_app_ssl_init_np.htm">ldap_app_ssl_init_np()</a>, instead.</p>
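<p>The call sequence described above, as an added example that is not part of this
IBM page: a wrapper that opens the connection, runs the handshake, and binds only
if <strong>ldap_ssl_start()</strong> returned 0, closing the unprotected connection
otherwise. The function table is an illustrative device so that the ordering policy
can be exercised off-platform against a recording fake; on IBM i, where ILE C defines
<code>__OS400__</code>, <code>main()</code> wires in the real <strong>ldap_open()</strong>,
<strong>ldap_ssl_start()</strong>, <strong>ldap_simple_bind_s()</strong> and
<strong>ldap_unbind()</strong> from QSYS/QGLDCLNT. The host name, key database path,
bind DN and the LDAP_BIND_PW environment variable are assumed placeholder values.</p>

```c
/* Added example, not IBM code: enforce open -> ldap_ssl_start -> bind and
 * never send bind credentials unless the handshake returned 0.  The function
 * table exists so the policy can run against a recording fake off-platform;
 * on IBM i (ILE C defines __OS400__) main() wires in the real API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef __OS400__
#include <ldap.h>
#include <ldapssl.h>
#endif

typedef void *ldap_handle;                /* opaque stand-in for LDAP * */

struct ldap_client_ops {                  /* same shapes as the IBM i API */
    ldap_handle (*open_conn)(char *host, int port);
    int (*ssl_start)(ldap_handle ld, char *keyring, char *keyring_pw, char *name);
    int (*simple_bind_s)(ldap_handle ld, char *who, char *passwd);
    int (*unbind)(ldap_handle ld);
};

enum sc_status { SC_OK = 0, SC_OPEN_FAILED, SC_SSL_FAILED, SC_BIND_FAILED };
struct sc_result { enum sc_status status; int rc; ldap_handle ld; };

struct sc_result ldap_secure_connect(const struct ldap_client_ops *ops,
                                     char *host, int port, char *keyring,
                                     char *keyring_pw, char *label,
                                     char *bind_dn, char *bind_pw)
{
    struct sc_result r = { SC_OK, 0, NULL };
    int rc;

    r.ld = ops->open_conn(host, port);
    if (r.ld == NULL) { r.status = SC_OPEN_FAILED; r.rc = -1; return r; }

    /* Until this returns 0 the TCP session exists but is unprotected.
     * -1 means ld was NULL; any other nonzero value is a GSKit code from
     * gskssl.h (for example an untrusted server certificate). */
    rc = ops->ssl_start(r.ld, keyring, keyring_pw, label);
    if (rc != 0) {
        ops->unbind(r.ld);                /* close it; never fall back to plain */
        r.status = SC_SSL_FAILED; r.rc = rc; r.ld = NULL;
        return r;
    }

    rc = ops->simple_bind_s(r.ld, bind_dn, bind_pw);   /* now encrypted */
    if (rc != 0) {
        ops->unbind(r.ld);
        r.status = SC_BIND_FAILED; r.rc = rc; r.ld = NULL;
        return r;
    }
    return r;                             /* caller owns r.ld until ldap_unbind */
}

/* Recording fake: logs the calls made and returns configurable codes. */
static char trace[64];
static int fake_ssl_rc, fake_bind_rc, fake_conn;
static ldap_handle f_open(char *h, int p) { (void)h; (void)p; strcat(trace, "open;"); return &fake_conn; }
static int f_ssl(ldap_handle l, char *k, char *w, char *n) { (void)l; (void)k; (void)w; (void)n; strcat(trace, "ssl_start;"); return fake_ssl_rc; }
static int f_bind(ldap_handle l, char *w, char *p) { (void)l; (void)w; (void)p; strcat(trace, "bind;"); return fake_bind_rc; }
static int f_unbind(ldap_handle l) { (void)l; strcat(trace, "unbind;"); return 0; }

/* Run the sequence against the fake; returns the call trace, status via out-param. */
const char *trace_secure_connect(int ssl_rc, int bind_rc, enum sc_status *status)
{
    const struct ldap_client_ops fake = { f_open, f_ssl, f_bind, f_unbind };
    struct sc_result r;
    trace[0] = '\0'; fake_ssl_rc = ssl_rc; fake_bind_rc = bind_rc;
    r = ldap_secure_connect(&fake, "ldap.example.com", 636, "/home/app/client.kdb",
                            NULL, NULL, "cn=reader,o=example", "placeholder");
    if (status) *status = r.status;
    return trace;
}

#ifdef __OS400__
static ldap_handle r_open(char *h, int p) { return (ldap_handle)ldap_open(h, p); }
static int r_ssl(ldap_handle l, char *k, char *w, char *n) { return ldap_ssl_start((LDAP *)l, k, w, n); }
static int r_bind(ldap_handle l, char *w, char *p) { return ldap_simple_bind_s((LDAP *)l, w, p); }
static int r_unbind(ldap_handle l) { return ldap_unbind((LDAP *)l); }
#endif

int main(void)
{
#ifdef __OS400__
    const struct ldap_client_ops real = { r_open, r_ssl, r_bind, r_unbind };
    /* Placeholders: host, key database path and bind DN are assumptions;
     * the bind password is read from the environment, not hard-coded. */
    char *pw = getenv("LDAP_BIND_PW");
    struct sc_result r;
    if (pw == NULL) { fprintf(stderr, "LDAP_BIND_PW is not set\n"); return 2; }
    r = ldap_secure_connect(&real, "ldap.example.com", 636, "/home/app/client.kdb",
                            NULL, NULL, "cn=reader,o=example", pw);
    if (r.status != SC_OK) { fprintf(stderr, "status %d rc %d\n", r.status, r.rc); return 1; }
    /* ... searches over the encrypted session go here ... */
    r_unbind(r.ld);
#else
    enum sc_status s;
    printf("%s status=%d\n", trace_secure_connect(0, 0, &s), s);
    printf("%s status=%d\n", trace_secure_connect(3, 0, &s), s);
#endif
    return 0;
}
```

<p>The point the fake makes visible is that <code>bind;</code> never appears in the
trace when the handshake step returned a nonzero code: the only call after a failed
<strong>ldap_ssl_start()</strong> is <strong>ldap_unbind()</strong>.</p>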
<br>
<h3>Authorities and Locks</h3>
<p>Read, *R, authority is needed to the selected Certificate Store and Execute,
*X, to the associated directories.</p>
<br>
<h3>Parameters</h3>
<dl>
<dt><em>ld</em></dt>
<dd>(Input) Specifies the LDAP pointer returned by a previous call to <a href=
"ldap_init.htm">ldap_init()</a>, <a href="ldap_ssl_init.htm">
ldap_ssl_init()</a>, or <a href="ldap_open.htm">ldap_open()</a>.</dd>
<dt><em>keyring</em></dt>
<dd>(Input) Specifies the name of a key database file (with a ".kdb" extension).
The key database file typically contains one or more certificates of
certification authorities (CAs) that are trusted by the client; X.509
certificates used this way are also known as trusted roots. A key database can
also hold the client's private key(s) and associated client certificate(s).
A private key and associated client certificate are required only if the LDAP
server is configured to require client and server authentication; if the LDAP
server is configured for server authentication only, they are not
required.</dd>
<dd>Note: Although still supported, <strong>ldap_ssl_start()</strong> is
deprecated. An application that does use it should use only a single key
database per application process.</dd>
<dd>A fully-qualified path and filename is recommended. If a filename without a
fully-qualified path is specified, the LDAP library looks for the file in the
current directory, so the set of CAs the client trusts then depends on whichever
directory the job happens to be running in. The key database file specified
here must have been created using Digital Certificate Manager (DCM). If a key
database is not supplied, the default roots are used as the trusted
certification authorities (CAs).</dd>
<dt><em>keyring_pw</em></dt>
<dd>(Input) Specifies the password that protects the contents of the key
database. This password matters because it protects the private key(s) stored
in the key database; it was set when the key database was created. A NULL
pointer is accepted.</dd>
<dt><em>name</em></dt>
<dd>(Input) Specifies the name, or label, of the client private key/certificate
pair in the key database. It uniquely identifies one private key/certificate
pair among those stored in the key database.</dd>
<dd>If the LDAP server is configured to perform server authentication only, a
client certificate is not required and <em>name</em> can be set to NULL. If the
LDAP server is configured to perform client and server authentication, a client
certificate is required. <em>name</em> can still be set to NULL if a
certificate/private key pair has been designated as the default (using DCM), or
if the designated key database contains a single certificate/private key
pair.</dd>
</dl>
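<p>The <em>keyring</em> rules above (fully-qualified path, .kdb file created by
DCM, *R authority on the store and *X on its directories) lend themselves to a
preflight check, shown here as an added example that is not part of this IBM
page. It validates the path before it is handed to <strong>ldap_ssl_start()</strong>,
so that a failed handshake is not misread as a certificate problem when the real
cause is a relative path or a missing authority. It uses POSIX file calls, which
ILE C provides for integrated file system paths; the enum names and the
command-line wrapper in <code>main()</code> are this example's own.</p>

```c
/* Added example, not IBM code: validate a key database path before handing it
 * to ldap_ssl_start(), so a failing handshake is not misread as a certificate
 * problem when the real cause is a relative path or missing object authority
 * (*R on the store, *X on its directories).  POSIX file calls are used, which
 * ILE C provides for integrated file system paths. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <sys/stat.h>

enum keyring_check {
    KR_OK = 0,
    KR_RELATIVE,        /* would be resolved against the current directory */
    KR_BAD_EXTENSION,   /* DCM key databases carry a .kdb extension */
    KR_NOT_A_FILE,      /* a path component is missing, or not a regular file */
    KR_NO_DIR_SEARCH,   /* a directory on the path lacks *X (search) authority */
    KR_NO_READ          /* the store itself lacks *R authority */
};

enum keyring_check keyring_preflight(const char *path)
{
    size_t len = strlen(path);
    struct stat st;
    char dir[4096];
    char *slash;

    if (path[0] != '/')
        return KR_RELATIVE;
    if (len < 4 || strcasecmp(path + len - 4, ".kdb") != 0)
        return KR_BAD_EXTENSION;
    if (len >= sizeof dir)
        return KR_NOT_A_FILE;

    if (stat(path, &st) != 0) {
        /* Walk up the parents to tell a missing component from one the
         * caller is not allowed to search through. */
        memcpy(dir, path, len + 1);
        while ((slash = strrchr(dir, '/')) != NULL && slash != dir) {
            *slash = '\0';
            if (stat(dir, &st) == 0)
                return access(dir, X_OK) == 0 ? KR_NOT_A_FILE : KR_NO_DIR_SEARCH;
        }
        return KR_NOT_A_FILE;
    }
    if (!S_ISREG(st.st_mode))
        return KR_NOT_A_FILE;
    if (access(path, R_OK) != 0)
        return KR_NO_READ;
    return KR_OK;
}

int main(int argc, char **argv)
{
    static const char *what[] = { "ok", "relative path", "not a .kdb file",
        "missing or not a regular file", "directory not searchable (*X)",
        "not readable (*R)" };
    enum keyring_check c;
    if (argc != 2) { fprintf(stderr, "usage: %s /path/to/client.kdb\n", argv[0]); return 2; }
    c = keyring_preflight(argv[1]);
    printf("%s: %s\n", argv[1], what[c]);
    return c == KR_OK ? 0 : 1;
}
```

<p>Run it with the same path string the application passes as <em>keyring</em>;
a result other than <code>ok</code> explains the failure in terms of the rules on
this page rather than in terms of the SSL return code.</p>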
<br>
<h3>Return Value</h3>
<dl>
<dt>0</dt>
<dd>if the secure connection was established.</dd>
<dt>SSL error code</dt>
<dd>if the handshake failed. The value is a GSKit (secure sockets kit) error
code; see gskssl.h for the possible values.</dd>
<dt>-1</dt>
<dd>if <em>ld</em> is not set (NULL).</dd>
</dl>
<br>
<h3>Error Conditions</h3>
<p>If <em>ld</em> is not NULL, <strong>ldap_ssl_start()</strong> returns the
GSKit return code of the handshake (0 on success); otherwise it returns -1.
See gskssl.h for the possible values of the error codes. A nonzero return means
no secure connection was established, and the application should not send
anything sensitive over the <em>ld</em>.</p>
<br>
<h3>Error Messages</h3>
<p>The following message may be sent from this function.</p>
<table width="100%" cellpadding="3">
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td width="15%" valign="top">CPF3CF2 E</td>
<td width="85%" valign="top">Error(s) occurred during running of ldap_ssl_start
API.</td>
</tr>
</table>
<br>
<br>
<h3>Related Information</h3>
<ul>
<li><a href="ldap_ssl_init.htm">ldap_ssl_init()</a> -- Initializes an SSL
connection.</li>
<li><a href="ldap_ssl_client_init.htm">ldap_ssl_client_init()</a> --
Initializes the SSL library.</li>
<li><img src="delta.gif" alt="Start of change"><a href="ldap_ssl_environment_init.htm">ldap_ssl_environment_init()</a> -- Initializes SSL for a secure connection between client and server.<img src="deltaend.gif" alt="End of change"></li>
<li><img src="delta.gif" alt="Start of change"><a href="ldap_start_tls_app_np.htm">ldap_start_tls_app_np()</a> -- Starts a TLS session with an application ID.<img src="deltaend.gif" alt="End of change"></li>
<li><img src="delta.gif" alt="Start of change"><a href="ldap_start_tls_s_np.htm">ldap_start_tls_s_np()</a> -- Starts a TLS session with a certificate.<img src="deltaend.gif" alt="End of change"></li>
<li><img src="delta.gif" alt="Start of change"><a href="ldap_stop_tls_s_np.htm">ldap_stop_tls_s_np()</a> -- Ends a TLS session.<img src="deltaend.gif" alt="End of change"></li>
</ul>
<p>The <strong>ldap_ssl_start()</strong> API includes RSA software. RSA is a
trademark of RSA Data Security, Inc.</p>
<br>
<hr>
API introduced: V4R3
<hr>
<table align="center" cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"dirserv1.htm">LDAP APIs</a> | <a href="aplist.htm">APIs by
category</a></td>
</tr>
</table>
</body>
</html>