The LDAP libraries for C# perform their own authentication. To authenticate using SSL, the LDAP server must have a certificate to use with SSL, the .NET client must have a place to store the certificates, and the LDAP library must be set up to use SSL.
Thus to integrate SSL with the LDAP libraries for C#, you need to do the following:
To set up the LDAP server:
Set up a digital certificate from a certificate authority. See the documentation on Novell Certificate Server Version 1 for information on setting up a certificate on the NetWare server.
Configure the LDAP server to use the certificate in ConsoleOne. For instructions on this configuration, see Configuring LDAP Services for eDirectory in the November 1998 issue of Novell Developer Notes.
You need to set up the .NET client application to store the certificates in a Mono Trust Store. Before setting up the trust store, ensure that you have:
On Linux, Mono.Security.dll and the certmgr.exe utility are installed by default with the Mono packages.
On Windows, you need to install Mono.Security.dll and certmgr.exe. You also need to set the location in your .NET client application path.
Mono.Security.dll and the certmgr utility are used to create a Mono Trust Store that contains the server certificate.
When compiling security-related applications, Mono.Security.dll (which is available in the Mono install path) must be referenced along with Novell.Directory.Ldap.dll.
If you have difficulty setting the path to point to Mono.Security.dll, copy the DLL to your working directory.
In a Windows environment, Mono.Security.dll has to be added as a reference along with Novell.Directory.Ldap.dll, as shown in Section 1.3, Using Novell.Directory.Ldap on Windows.
In a Linux environment, you have to set MONO_PATH to the exact location of Mono.Security.dll, or copy the DLL to your working directory, to run the application as specified in Section 1.4, Using Novell.Directory.Ldap on Linux.
To create a trust store using the Mono certmgr utility:
From ConsoleOne, create a trusted root certificate (a .der file).
Export the trusted root certificate to your local disk.
Rename the file [trusted root certificate].der to [trusted root certificate].cer. This is because Mono currently does not recognize the .der extension.
Use the certmgr.exe utility to create a trust store file. If /home/exports/TrustedRootCert.cer is the certificate filename, the command would be as follows:
certmgr -add -c Trust /home/exports/TrustedRootCert.cer
The certificate is added to the Mono Trust Store, which you can find in the ~/.mono/certs/Trust directory.
NOTE: The format and location of the trust store depend on the Mono release. You should use the certmgr tool to interact safely with the certificate stores. For more information about certmgr, refer to the certmgr manpage.
To integrate the Mono Security Library with the LDAP libraries for C#, set the SecureSocketLayer property to true after creating the LdapConnection instance, as follows:
LdapConnection conn = new LdapConnection();
conn.SecureSocketLayer = true;
For an example of setting up a .NET client to use SSL, see SecureBind.cs in the LDAP libraries for C# samples.
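The steps above, put together as an added example (this is not the SecureBind.cs sample and not code from the library's authors). It assumes the server listens for LDAP over SSL on port 636 and that its trusted root certificate has already been added to the Mono Trust Store with certmgr; the class name SslBindCheck and the command-line arguments are hypothetical.

```csharp
using System;
using Novell.Directory.Ldap;

// Hypothetical class name; added example, not the library's SecureBind.cs sample.
public class SslBindCheck
{
    public static int Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("Usage: SslBindCheck <host> <login DN> <password>");
            return 2;
        }

        LdapConnection conn = new LdapConnection();
        // Set before Connect so the connection is opened over SSL.
        conn.SecureSocketLayer = true;

        try
        {
            // Assumption: the server accepts LDAP over SSL on the default port (636).
            conn.Connect(args[0], LdapConnection.DEFAULT_SSL_PORT);
            conn.Bind(args[1], args[2]);
            Console.WriteLine(conn.Bound ? "SSL bind succeeded." : "Connected, but not bound.");
            return conn.Bound ? 0 : 1;
        }
        catch (LdapException e)
        {
            // Failure reported by the LDAP library, for example invalid credentials.
            Console.Error.WriteLine("LDAP error {0}: {1}", e.ResultCode, e.Message);
            return 1;
        }
        catch (Exception e)
        {
            // Any other failure. Assumption: a server certificate that is not in the
            // trust store may surface here or as an LdapException, depending on the
            // library version.
            Console.Error.WriteLine("Connection failed: " + e.Message);
            return 1;
        }
        finally
        {
            // Close the connection whether or not the bind succeeded.
            if (conn.Connected) conn.Disconnect();
        }
    }
}
```

Compile it with both assemblies referenced, for example with mcs -r:Novell.Directory.Ldap.dll -r:Mono.Security.dll SslBindCheck.cs. A failure at Connect rather than at Bind usually points at the certificate or port setup, not at the credentials.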