[Mono-list] Certificate Store / LDAP

Loren Bandiera lorenb at mmgsecurity.com
Wed Jun 1 09:20:10 EDT 2005

BACKGROUND: I've been using Mono for a couple of projects, one of which is
called LAT (LDAP Administration Tool) [1].

I've been trying to get LDAP over SSL to work.  I found some sample code
(Samples.SecureBind.cs) written by Sunil Kumar at Novell but I couldn't
get it work on my system.

I figured out pretty quickly the problem was I needed to use the
certificate manager tool (certmgr) to import the SSL certificate into my
personal store.  Once I did that I could make a secure LDAP connection.

I dug into the certmgr source code to see how it imported certificates
into the store and copied over some chunks into LAT (my code is GPL'd; so
is the certmgr).

The plan was is if you were making an SSL connection, LAT would check the
store if there was no certificate it would popup a dialog and ask the user
if they wanted to import it.

If you click on 'Yes' the certificate does get imported into the user's
personal store but the LDAP connection fails.  If I exit and re-run the
program it works.

Is there some way I can get the Novell.Directory.Ldap classes to use a
freshly imported certificate without requiring a restart? Maybe there is a
better way to do want I want??

Anyone got any suggestions?

[1; cheap plug] - http://people.mmgsecurity.com/~lorenb/lat/

Loren Bandiera, CISSP <lorenb at mmgsecurity.com>
MMG Security, Inc.

More information about the Mono-list mailing list