directory-api mailing list archives

From Nate Seeley <seel...@adaptivecomputing.com>
Subject How do I use the LDAP API with SSL/TLS
Date Mon, 20 Aug 2012 23:39:57 GMT
I would like to use the LDAP API to allow my Java application to query LDAP
over a secure connection.  I've read the docs at
http://directory.apache.org/api/connection-and-disconnection.html and still
have a few questions.

The docs say all we have to do to make the connection secure is to pass
true as a third parameter to the LdapNetworkConnection constructor.

    LdapConnection connection = new LdapNetworkConnection( "localhost", 636, true );

I was wondering the following:

1.) How does LdapNetworkConnection know what certificates to trust? I
assume we need to import certificates into a Java keystore first, right?
How do I tell LdapNetworkConnection what keystore to use?
2.) How do I verify the hostname of the server I am connecting to matches
what is on the certificate?
3.) Does the LDAP API support using StartTLS so that I can connect to my
LDAP server on the unsecure port 389 and then upgrade to a TLS/SSL
connection?

I would appreciate any help you can offer. Thank you for your time,

Nate

PS. I'm using the latest version available as of today, which is 1.0.0-M12
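
Questions 1 and 2 above, shown with JDK (JSSE) classes only: this is an added example, not part of the original message and not Apache Directory LDAP API code. The class name, method names and command-line arguments are hypothetical, and passing the resulting trust managers to LdapNetworkConnection is not covered here.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Added example: JDK (JSSE) classes only, no Apache Directory LDAP API calls.
public class LdapsTrustCheck {

    // Question 1: trust only the CA certificates stored in one specific keystore file.
    static TrustManager[] trustManagersFrom(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    // Question 2: have JSSE match the host name against the certificate during the handshake.
    static String handshake(String host, int port, TrustManager[] tms) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null); // no client key, default SecureRandom
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            // A raw SSLSocket does no host name check unless an algorithm is set.
            p.setEndpointIdentificationAlgorithm("LDAPS");
            s.setSSLParameters(p);
            // Throws SSLHandshakeException on an untrusted chain or a name mismatch.
            s.startHandshake();
            return s.getSession().getPeerPrincipal().getName();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: LdapsTrustCheck <truststore> <password> <host> <port>");
            return;
        }
        TrustManager[] tms = trustManagersFrom(args[0], args[1].toCharArray());
        System.out.println("verified peer: " + handshake(args[2], Integer.parseInt(args[3]), tms));
    }
}
```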
