directory-api mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: How do I use the LDAP API with SSL/TLS
Date Tue, 21 Aug 2012 05:31:04 GMT
On Tue, Aug 21, 2012 at 5:09 AM, Nate Seeley
<seeleyn@adaptivecomputing.com> wrote:
> I would like to use the LDAP API to allow my java application to query LDAP
> over a secure connection.  I've read the docs at
> http://directory.apache.org/api/connection-and-disconnection.html and still
> have a few questions.
>
> The docs say all we have to do to make the connection secure is to pass
> true as a third parameter to the LdapNetworkConnection constructor.
>
>     LdapConnection connection = new LdapNetworkConnection( "localhost", 636, true );
>
> I was wondering the following :
>
> 1.) How does LdapNetworkConnection know what certificates to trust? I
> assume we need to import certificates into a java keystore first, right?
> How do I tell LdapNetworkConnection what keystore to use?
> 2.) How do I verify the hostname of the server I am connecting to matches
> what is on the certificate?
For 1 & 2 you need to use a custom TrustManager (set it using
LdapConnectionConfig.setTrustManagers()).
By default, LdapNetworkConnection uses the default TrustManager.
> 3.) Does the LDAP API support using StartTLS so that I can connect to my
> LDAP server on the unsecure port 389 and then upgrade to a TLS/SSL
> connection?
>
Yes, call startTls() after creating the connection.
> I would appreciate any help you can offer. Thank you for your time,
>
> Nate
>
> PS. I'm using the latest version available as of today, which is 1.0.0-M12



-- 
Kiran Ayyagari
http://keydap.com
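
Added example, not part of the original thread or the Apache Directory project's own code: a custom TrustManager that trusts only the CAs in a chosen keystore and also checks the server certificate's dNSName subjectAltName against the expected host, then connects on port 389 and upgrades with startTls(). The class name, `ldap.example.test`, `truststore.jks` and its password are placeholders; only dNSName entries are checked (no IP-address SANs, no CN fallback).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class HostCheckedLdapTls {   // hypothetical class name
    // Wraps the keystore-backed trust manager and adds a hostname check on the leaf certificate.
    static X509TrustManager forHost(String path, char[] pass, final String host) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        final X509TrustManager base = (X509TrustManager) tmf.getTrustManagers()[0];
        return new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { base.checkClientTrusted(c, a); }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                base.checkServerTrusted(c, a);   // chain must anchor in our keystore
                Collection<List<?>> sans = c[0].getSubjectAlternativeNames();
                if (sans != null) for (List<?> san : sans)   // SAN type 2 = dNSName
                    if (((Integer) san.get(0)) == 2 && matches((String) san.get(1), host)) return;
                throw new CertificateException("No dNSName SAN matches " + host);
            }
            public X509Certificate[] getAcceptedIssuers() { return base.getAcceptedIssuers(); }
        };
    }
    static boolean matches(String p, String h) {   // exact, or "*." as the whole leftmost label
        if (!p.startsWith("*.")) return p.equalsIgnoreCase(h);
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equalsIgnoreCase(p.substring(1));
    }
    public static void main(String[] args) throws Exception {
        String host = "ldap.example.test";   // placeholder host
        LdapConnectionConfig cfg = new LdapConnectionConfig();
        cfg.setLdapHost(host);
        cfg.setLdapPort(389);
        cfg.setTrustManagers(forHost("truststore.jks", "changeit".toCharArray(), host));   // placeholder store
        LdapNetworkConnection conn = new LdapNetworkConnection(cfg);
        try {
            conn.connect();
            conn.startTls();   // upgrade to TLS before sending a bind or any query
        } finally { conn.close(); }
    }
}
```

For LDAPS on port 636, the same trust manager applies: set the port to 636, call `cfg.setUseSsl(true)` and drop the `startTls()` call.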
