#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ldap_ssl.h>
#if defined(N_PLAT_NLM) && defined(LIBC)
#include <screen.h>
#endif
/*
 * Help text printed when the argument count or the certificate file type
 * is wrong.  The bind password is one of the positional arguments, so on
 * many systems it is visible to other local users through the process
 * listing and may end up in shell history.
 */
static char usage[] =
    "\n"
    " Usage: sslbind <host name> <port number> <login dn> <password>\n"
    "\t<cert file> <file type> \n"
    " host name = ldap server name or IP address\n"
    " port number = port to use - 636 is ldap ssl default\n"
    " login dn = user name to login as\n"
    " password = user password\n"
    " cert file = trusted root certificate file\n"
    " file type = DER=der encoded file, B64=b64 encoded file\n"
    "\n"
    " Example: sslbind Acme.com 636 cn=admin,o=Acme secret myKey.der DER\n";
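/*
 * sslbind: bind to an LDAP server over SSL, then list the DNs of the
 * entries one level below the root ("" base).
 *
 * Arguments (argv[1..6]): host name, port number, login DN, password,
 * trusted root certificate file, certificate file type (DER or B64).
 *
 * Returns 0 when the bind and the search both succeed.  Exits with 1 on
 * bad arguments or on any SSL/LDAP initialisation or bind failure, and
 * returns 1 when the search fails.
 *
 * Security notes:
 *  - The password is read from argv[4]; command-line arguments are
 *    commonly visible to other local users (process listing, shell
 *    history).  Acceptable for a sample, not for production use.
 *  - Trust is anchored in the single root certificate passed in argv[5].
 *    NOTE(review): confirm whether the SDK also checks the server
 *    certificate's name against ldapHost.
 */
int main(int argc, char *argv[])
{
    struct timeval timeOut = {10, 0};   /* 10 second network timeout */
    int version, rc, ldapPort;
    int exitCode = 0;
    long portValue;
    char *portEnd;
    char *ldapHost;
    char *loginDN;
    char *password;
    char *certFile;
    char *fileType;
    int fileEncoding;
    LDAP *ld;
    LDAPMessage *resultBuf = NULL;
    LDAPMessage *entry = NULL;
    char *attrs[] = { LDAP_NO_ATTRS, NULL };   /* request DNs only */
    char *dn;

#if defined(N_PLAT_NLM) && defined(LIBC)
    setscreenmode(SCR_NO_MODE);
#endif

    if (argc != 7) {
        printf("%s", usage);
        exit(1);
    }

    ldapHost = argv[1];
    loginDN = argv[3];
    password = argv[4];
    certFile = argv[5];
    fileType = argv[6];

    /*
     * atoi() cannot report errors: "abc" silently becomes port 0 and
     * "636x" becomes 636.  Parse strictly and reject anything that is
     * not a complete decimal number in the valid TCP port range.  An
     * out-of-range strtol() result (LONG_MIN/LONG_MAX) also fails the
     * range test, so errno does not need to be consulted.
     */
    portValue = strtol(argv[2], &portEnd, 10);
    if (portEnd == argv[2] || *portEnd != '\0' ||
        portValue < 1 || portValue > 65535) {
        printf("Invalid port number.\n");
        printf("%s", usage);
        exit(1);
    }
    ldapPort = (int)portValue;

    /* Global defaults (NULL handle): LDAPv3 and the network timeout. */
    version = LDAP_VERSION3;
    ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
    ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &timeOut);

    /* Map the file type argument onto the SDK's encoding constant. */
    if ((0 == strcmp(fileType, "DER")) || (0 == strcmp(fileType, "der"))) {
        fileEncoding = LDAPSSL_CERT_FILETYPE_DER;
    } else if ((0 == strcmp(fileType, "B64")) || (0 == strcmp(fileType, "b64"))) {
        fileEncoding = LDAPSSL_CERT_FILETYPE_B64;
    } else {
        printf("Invalid certificate file type.\n");
        printf("%s", usage);
        exit(1);
    }

    /*
     * Initialise the SSL library.  No certificate file is passed here;
     * the trusted root is added separately below.
     */
    rc = ldapssl_client_init(NULL, NULL);
    if (rc != LDAP_SUCCESS) {
        printf("ldapssl_client_init error: %d\n", rc);
        exit(1);
    }

    /* Register the trusted root certificate from the command line. */
    rc = ldapssl_add_trusted_cert(certFile, fileEncoding);
    if (rc != LDAP_SUCCESS) {
        printf("ldapssl_add_trusted_cert error: %d\n", rc);
        ldapssl_client_deinit();
        exit(1);
    }

    /* Create the session handle; the final argument 1 requests SSL. */
    ld = ldapssl_init(ldapHost, ldapPort, 1);
    if (ld == NULL) {
        printf("ldapssl_init error\n");
        ldapssl_client_deinit();
        exit(1);
    }

    /* Simple bind: the DN and password are sent inside the SSL session. */
    rc = ldap_simple_bind_s(ld, loginDN, password);
    if (rc != LDAP_SUCCESS) {
        printf("ldap_simple_bind_s error: %d, %s\n", rc, ldap_err2string(rc));
        ldap_unbind_s(ld);
        ldapssl_client_deinit();
        exit(1);
    }

    printf("SSL bind successful - performing search\n");

    /* One-level search under the root for every object, no attributes. */
    rc = ldap_search_ext_s(ld, "", LDAP_SCOPE_ONELEVEL, "(objectClass=*)",
                           attrs, 0, NULL, NULL, NULL,
                           LDAP_NO_LIMIT, &resultBuf);
    if (rc == LDAP_SUCCESS) {
        for (entry = ldap_first_entry(ld, resultBuf);
             entry != NULL;
             entry = ldap_next_entry(ld, entry)) {
            dn = ldap_get_dn(ld, entry);
            if (dn == NULL) {
                /* Passing NULL to "%s" is undefined behaviour. */
                printf("\tObject: <DN unavailable>\n");
                continue;
            }
            printf("\tObject: %s\n", dn);
            ldap_memfree(dn);
        }
    } else {
        /* Name the function that was actually called and report failure. */
        printf("ldap_search_ext_s error: %d, %s\n", rc, ldap_err2string(rc));
        exitCode = 1;
    }

    /*
     * A failed search may still hand back a (partial) result chain, so
     * free it whenever one was returned, not only on success.
     */
    if (resultBuf != NULL) {
        ldap_msgfree(resultBuf);
    }

    ldap_unbind_s(ld);
    ldapssl_client_deinit();
    return exitCode;
}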