directory-commits mailing list archives

From build...@apache.org
Subject svn commit: r1004173 - in /websites/staging/directory/trunk/content: ./ api/user-guide.html api/user-guide/5-ldap-security.html api/user-guide/5.1-ldaps.html api/user-guide/5.1-ssl.html
Date Thu, 05 Jan 2017 05:05:16 GMT
Author: buildbot
Date: Thu Jan  5 05:05:16 2017
New Revision: 1004173

Log:
Staging update by buildbot for directory

Added:
    websites/staging/directory/trunk/content/api/user-guide/5.1-ldaps.html
Removed:
    websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html
Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/api/user-guide.html
    websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Jan  5 05:05:16 2017
@@ -1 +1 @@
-1777388
+1777413

Modified: websites/staging/directory/trunk/content/api/user-guide.html
==============================================================================
--- websites/staging/directory/trunk/content/api/user-guide.html (original)
+++ websites/staging/directory/trunk/content/api/user-guide.html Thu Jan  5 05:05:16 2017
@@ -195,7 +195,7 @@ Other pages are finished (but may be rev
 <p><a href="user-guide/2-basic-ldap-api-usage.html">2 - Basic LDAP API usage
(...)</a></p>
 <ul>
 <li><a href="user-guide/2.1-connection-disconnection.html">2.1 - Connection and
disconnection</a></li>
-<li><a href="user-guide/2.2-binding-unbinding.html">2.2 - Binding and unbinding
(...)</a></li>
+<li><a href="user-guide/2.2-binding-unbinding.html">2.2 - Binding and unbinding</a></li>
 <li><a href="user-guide/2.3-searching.html">2.3 - Searching (...)</a></li>
 <li><a href="user-guide/2.4-adding.html">2.4 - Adding entries</a></li>
 <li><a href="user-guide/2.5-deleting.html">2.5 - Deleting entries</a></li>
@@ -236,9 +236,12 @@ Other pages are finished (but may be rev
 <li>
 <p><a href="user-guide/5-ldap-security.html">5 - LDAP security (e)</a></p>
 <ul>
-<li><a href="user-guide/5.1-aci-and-acls.html">5.1 - ACI and ACLs (e)</a></li>
-<li><a href="user-guide/5.2-ssl.html">5.2 - SSL (e)</a></li>
-<li><a href="user-guide/5.3-start-tls.html">5.3 - StartTLS (e)</a></li>
+<li><a href="user-guide/5.1-ldaps.html">5.1 - LDAPS</a></li>
+<li><a href="user-guide/5.2-start-tls.html">5.2 - StartTLS (e)</a></li>
+<li><a href="user-guide/5.3-password-handling.html">5.3 - Password handling</a></li>
+<li><a href="user-guide/5.4-sasl-bind.html">5.4 - SASL Bind</a></li>
+<li><a href="user-guide/5.5-certificates.html">5.5 - Certificates</a></li>
+<li><a href="user-guide/5.6-aci-and-acls.html">5.6 - ACI and ACLs (e)</a></li>
 </ul>
 </li>
 <li>
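Review bot: The new 5.1 entry links to user-guide/5.1-ldaps.html while the commit deletes 5.1-ssl.html outright, so existing bookmarks and external links to the old SSL page will break. Consider leaving a stub or redirect at 5.1-ssl.html that points to the LDAPS page. Also confirm that 5.3-password-handling.html, 5.4-sasl-bind.html and 5.5-certificates.html exist in the staging tree, since this index links to them for the first time here and none of them is added by this revision.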

Modified: websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html
==============================================================================
--- websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html (original)
+++ websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html Thu Jan 
5 05:05:16 2017
@@ -196,12 +196,12 @@ h2:hover > .headerlink, h3:hover > .head
 <p>Last, but not least, we have seen how to perform a simple bind to an <strong>LDAP</strong>
server using a name and a password.  There are other ways to bind, using <strong>SASL</strong>.
We will also explain how to use certificates in SSL/StartTLS.</p>
 <h2 id="contents">Contents<a class="headerlink" href="#contents" title="Permanent
link">&para;</a></h2>
 <ul>
-<li><a href="user-guide/5.1-ssl.html">5.1 - SSL (e)</a></li>
-<li><a href="user-guide/5.2-start-tls.html">5.2 - StartTLS (e)</a></li>
-<li><a href="user-guide/5.3-password-handling.html">5.3 - Password handling</a></li>
-<li><a href="user-guide/5.4-sasl-bind.html">5.4 - SASL Bind</a></li>
-<li><a href="user-guide/5.5-certificates.html">5.5 - Certificates</a></li>
-<li><a href="user-guide/5.6-aci-and-acls.html">5.6 - ACI and ACLs (e)</a></li>
+<li><a href="5.1-ldaps.html">5.1 - LDAPS</a></li>
+<li><a href="5.2-start-tls.html">5.2 - StartTLS (e)</a></li>
+<li><a href="5.3-password-handling.html">5.3 - Password handling</a></li>
+<li><a href="5.4-sasl-bind.html">5.4 - SASL Bind</a></li>
+<li><a href="5.5-certificates.html">5.5 - Certificates</a></li>
+<li><a href="5.6-aci-and-acls.html">5.6 - ACI and ACLs (e)</a></li>
 </ul>
 
 
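Review bot: The context paragraph directly above the list still reads "how to use certificates in SSL/StartTLS" while the 5.1 entry is now titled LDAPS. Use the same term in both places so readers can tell the paragraph and the link refer to the same page. The move from user-guide/-prefixed hrefs to page-relative ones is consistent across all six entries.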

Added: websites/staging/directory/trunk/content/api/user-guide/5.1-ldaps.html
==============================================================================
--- websites/staging/directory/trunk/content/api/user-guide/5.1-ldaps.html (added)
+++ websites/staging/directory/trunk/content/api/user-guide/5.1-ldaps.html Thu Jan  5 05:05:16
2017
@@ -0,0 +1,327 @@
+<!DOCTYPE html>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+	<head>
+		<title>5.1 - LDAPS &mdash; Apache Directory</title>
+		
+	    <link href="./../../css/common.css" rel="stylesheet" type="text/css">
+	    <link href="./../../css/brown.css" rel="stylesheet" type="text/css">
+    
+        
+        <link rel="shortcut icon" href="./../../images/api-icon_16x16.png">
+    
+        <!-- Google Analytics -->
+        <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
+        <script type="text/javascript">
+            _uacct = "UA-1358462-1";
+            urchinTracker();
+        </script>
+	</head>
+	<body>
+	    <div id="container">
+            <div id="header">
+                <div id="subProjectsNavBar">
+                    <a href="./../../">
+                        
+                        Main
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../apacheds">
+                        
+                        ApacheDS
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../studio">
+                        
+                        Studio
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../api">
+                        
+                        <STRONG>LDAP API</STRONG>
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../mavibot">
+                        
+                        Mavibot
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../escimo">
+                        
+                        eSCIMo
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../fortress">
+                        
+                        Fortress
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../kerby">
+                        
+                        Kerby
+                        
+                    </a>
+                </div><!-- subProjectsNavBar -->
+            </div><!-- header -->
+            <div id="content">
+                <div id="leftColumn">
+                    
+<div id="navigation">
+    
+    <!--ul>
+      <li>
+        <a href="http://bit.ly/1n9YlQT" target="_blank">
+          <img src="./../../images/ApacheConBudapest.png" width="125" height="125" alt="I'm
Speaking at ApacheCon Europe 2014! Join me!" title="I'm Speaking at ApacheCon Europe 2014!
Join me!" border="0" style="margin-bottom:-3px;"/>
+        </a>
+      </li>
+    </ul-->
+    <h5>LDAP API 1.0</h5>
+    <ul>
+        <li><a href="./../../api/">Home</a></li>
+        <li><a href="./../../api/news.html">News</a></li>
+    </ul>
+    <h5>Downloads</h5>
+    <ul>
+	    <li><a href="./../../api/downloads.html">Version 1.0.0-RC2</a>&nbsp;&nbsp;<IMG
src="./../../images/new_badge.gif" alt="" style="margin-bottom:-3px;" border="0"></li>
+        <li><a href="./../../api/download-old-versions.html">Older versions</a></li>
+    </ul>
+    <h5>Getting Started</h5>
+    <ul>
+        <li><a href="./../../api/vision.html">Vision</a></li>
+        <li><a href="./../../api/java-api.html">Java API</a></li>
+    </ul>
+    <h5>Documentation</h5>
+    <ul>
+	    <li><a href="./../../api/five-minutes-tutorial.html">Five minutes tutorial</a></li>
+	    <li><a href="./../../api/user-guide.html">User Guide</a></li>
+        <li><a href="./../../api/gen-docs/latest/apidocs/">JavaDocs</a></li>
+        <li><a href="./../../api/gen-docs/latest/xref/">Cross-Reference</a></li>
+        <!--li><a href="./../../api/gen-docs/latest/">Generated Reports</a></li-->
+        <li><a href="./../../api/developer-guide.html">Developer Guide</a></li>
+    </ul>
+    
+    
+    <h5>Support</h5>
+    <ul>
+        <li><a href="./../../mailing-lists-and-irc.html">Mailing Lists &amp;
IRC</a></li>
+        <li><a href="./../../sources.html">Sources</a></li>
+        <li><a href="./../../issue-tracking.html">Issue Tracking</a></li>
+        <li><a href="./../../commercial-support.html">Commercial Support</a></li>
+    </ul>
+    <h5>Community</h5>
+    <ul>
+        <li><a href="./../../contribute.html">How to Contribute</a></li>
+        <li><a href="./../../team.html">Team</a></li>
+        <li><a href="./../../original-project-proposal.html">Original Project
Proposal</a></li>
+        <li><a href="./../../special-thanks.html" class="external-link" rel="nofollow">Special
Thanks</a></li>
+    </ul>
+    <h5>About Apache</h5>
+    <ul>
+        <li><a href="http://www.apache.org/">Apache</a></li>
+        <li><a href="http://www.apache.org/licenses/">License</a></li>
+        <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+        <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+        <li><a href="http://www.apache.org/security/">Security</a></li>
+    </ul>
+    
+</div><!-- navigation -->
+
+                </div><!-- leftColumn -->
+                <div id="rightColumn">
+
+
+    <div class="nav">
+        <div class="nav_prev">
+        
+            <a href="5-ldap-security.html">5 - LDAP Security</a>
+		
+        </div>
+        <div class="nav_up">
+        
+            <a href="5-ldap-security.html">5 - LDAP Security</a>
+		
+        </div>
+        <div class="nav_next">
+        
+            <a href="5.2-start-tls.html">5.2 - StartTLS</a>
+		
+        </div>
+        <div class="clearfix"></div>
+    </div>
+
+
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover
> .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink
{ visibility: visible }</style>
+<h1 id="51-ldaps">5.1 - LDAPS<a class="headerlink" href="#51-ldaps" title="Permanent
link">&para;</a></h1>
+<p><strong>LDAP</strong> supports <strong>SSL</strong>, it's
called <strong>LDAPS</strong>, and it uses a dedicated port. As of today, and
since 2000, <strong>LDAPS</strong> is deprecated and <strong>StartTLS</strong>
should be used.</p>
+<p>That being said, many servers accept <strong>LDAPS</strong>, and the
Apache LDAP API supports it.</p>
+<h2 id="how-does-it-work">How does it work ?<a class="headerlink" href="#how-does-it-work"
title="Permanent link">&para;</a></h2>
+<p>The <strong>SSL</strong> protocol ensures that data are transmitted
encrypted, and guarantees that the data being received are valid. Nobody can capture those
data and read them, assuming the ciphers being used are strong enough.</p>
+<p>With <strong>SSL</strong>, a dialog between the client and the server
occurs, and when both part agree on the cipher to use, then all subsequent data is encrypted.
This dialog may include a mutual validation. </p>
+<h2 id="protocols">Protocols<a class="headerlink" href="#protocols" title="Permanent
link">&para;</a></h2>
+<p>There are many version that can be used, but the idea is to use tha most recent
one, if the server supports it. In any case, as we depend on <strong>Java</strong>,
we are also limited by the supported version on the client side. Here are all the existing
version, and their status :</p>
+<table class="table">
+<thead>
+<tr>
+<th>SSLversion</th>
+<th>Java 7 Client</th>
+<th>Java 7 Server</th>
+<th>Java 8 Client</th>
+<th>Java 8 Server</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>2.0</td>
+<td>N/A</td>
+<td>N/A</td>
+<td>N/A</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>3.0</td>
+<td>Disabled</td>
+<td>Disabled</td>
+<td>N/A</td>
+<td>N/A</td>
+</tr>
+<tr>
+<td>3.1 (aka TLSv1)</td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+</tr>
+<tr>
+<td>3.2 (aka TLSv1.1</td>
+<td>Disabled</td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+</tr>
+<tr>
+<td>3.3 (aka TLSv1.2)</td>
+<td>Disabled</td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+</tr>
+</tbody>
+</table>
+<p>(<em>Disabled</em> mean it's not active by default, and must be activated
explicitely).</p>
+<p>The default is for Java to pick the one that fits, assuming that it will always
start with the newest version (<strong>TLSv1.2</strong>).</p>
+<p>Still, you can enforce the version if needed.</p>
+<h2 id="a-quick-primer">A quick primer<a class="headerlink" href="#a-quick-primer"
title="Permanent link">&para;</a></h2>
+<p>Here is all what you need to get a <strong>LDAPS</strong> connection
established with a server :</p>
+<div class="codehilite"><pre>    <span class="k">try</span> <span
class="p">(</span> <span class="n">LdapConnection</span> <span class="n">connection</span>
<span class="p">=</span> <span class="n">new</span> <span class="n">LdapNetworkConnection</span><span
class="p">(</span> &quot;<span class="n">server</span><span class="o">-</span><span
class="n">name</span>&quot;<span class="p">,</span> 636<span class="p">,</span>
<span class="n">true</span> <span class="p">)</span> <span class="p">)</span>
+    <span class="p">{</span>
+        <span class="n">connection</span><span class="p">.</span><span
class="n">bind</span><span class="p">(</span> &quot;<span class="n">uid</span><span
class="p">=</span><span class="n">admin</span><span class="p">,</span><span
class="n">ou</span><span class="p">=</span><span class="n">system</span>&quot;<span
class="p">,</span> &quot;<span class="n">secret</span>&quot;
<span class="p">);</span>
+
+        <span class="n">assertTrue</span><span class="p">(</span>
<span class="n">connection</span><span class="p">.</span><span
class="n">isAuthenticated</span><span class="p">()</span> <span class="p">);</span>
+    <span class="p">}</span>
+</pre></div>
+
+
+<p>This is as simple as that ! The <strong>636* port is the default </strong>LDAPS<strong>
port for standard </strong>LDAP<strong> servers, when running as </strong>root<strong>,
and for </strong>ApacheDS<strong> you will have to pick </strong>10636<strong>.
The </strong>true** flag is set to secure the connection. You don't need to close the
connection, it will be done automatically when exiting the try{...} block.</p>
+<p>By default, the selected protocol is <strong>TLS</strong>, and we wont
verify the server's certificate.</p>
+<h2 id="a-more-sophisticated-sample">A more sophisticated sample<a class="headerlink"
href="#a-more-sophisticated-sample" title="Permanent link">&para;</a></h2>
+<p>It's possible to have more control on the <strong>SSL</strong> configuration,
and specifically to provide a specific <strong>TrustManager</strong> :</p>
+<div class="codehilite"><pre>    <span class="k">try</span> <span
class="p">(</span> <span class="n">LdapConnection</span> <span class="n">connection</span>
<span class="p">=</span> <span class="n">new</span> <span class="n">LdapNetworkConnection</span><span
class="p">(</span> <span class="n">Network</span><span class="p">.</span><span
class="n">LOOPBACK_HOSTNAME</span><span class="p">,</span> <span class="n">getLdapServer</span><span
class="p">().</span><span class="n">getPortSSL</span><span class="p">(),</span>
<span class="n">new</span> <span class="n">NoVerificationTrustManager</span><span
class="p">()</span> <span class="p">)</span> <span class="p">)</span>
+    <span class="p">{</span>
+        <span class="n">connection</span><span class="p">.</span><span
class="n">bind</span><span class="p">(</span> &quot;<span class="n">uid</span><span
class="p">=</span><span class="n">admin</span><span class="p">,</span><span
class="n">ou</span><span class="p">=</span><span class="n">system</span>&quot;<span
class="p">,</span> &quot;<span class="n">secret</span>&quot;
<span class="p">);</span>
+
+        <span class="n">assertTrue</span><span class="p">(</span>
<span class="p">((</span><span class="n">LdapNetworkConnection</span><span
class="p">)</span><span class="n">connection</span><span class="p">).</span><span
class="n">getConfig</span><span class="p">().</span><span class="n">isUseSsl</span><span
class="p">()</span> <span class="p">);</span>
+        <span class="n">assertTrue</span><span class="p">(</span>
<span class="n">connection</span><span class="p">.</span><span
class="n">isAuthenticated</span><span class="p">()</span> <span class="p">);</span>
+    <span class="p">}</span>
+</pre></div>
+
+
+<p>Here, we use the <em>NoVerificationTrustManager</em> class, but you
can define your own implementation. The <strong>Fortress</strong> project is using
<a href="https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java">this
class</a>.</p>
+<h2 id="using-a-configuration">Using a configuration<a class="headerlink" href="#using-a-configuration"
title="Permanent link">&para;</a></h2>
+<p>One step further : you can define a dediated configuration that is passed to the
constructor. Many parameters can be defined :</p>
+<ul>
+<li>the enabled cipher suites</li>
+<li>the enabled protocols</li>
+<li>the KeyManager instances</li>
+<li>the SecureRandom instance</li>
+<li>the SSL protocol to use</li>
+<li>the TrustManager instances</li>
+</ul>
+<p>All those parameters are configured using the <em>LdapConnectionConfig</em>
class :</p>
+<div class="codehilite"><pre>    <span class="n">LdapConnectionConfig</span>
<span class="n">sslConfig</span> <span class="p">=</span> <span
class="n">new</span> <span class="n">LdapConnectionConfig</span><span
class="p">();</span>
+    <span class="n">sslConfig</span><span class="p">.</span><span
class="n">setLdapHost</span><span class="p">(</span> <span class="n">Network</span><span
class="p">.</span><span class="n">LOOPBACK_HOSTNAME</span> <span class="p">);</span>
+    <span class="n">sslConfig</span><span class="p">.</span><span
class="n">setUseSsl</span><span class="p">(</span> <span class="n">true</span>
<span class="p">);</span>
+    <span class="n">sslConfig</span><span class="p">.</span><span
class="n">setLdapPort</span><span class="p">(</span> <span class="n">getLdapServer</span><span
class="p">().</span><span class="n">getPortSSL</span><span class="p">()</span>
<span class="p">);</span>
+    <span class="n">sslConfig</span><span class="p">.</span><span
class="n">setTrustManagers</span><span class="p">(</span> <span class="n">new</span>
<span class="n">NoVerificationTrustManager</span><span class="p">()</span>
<span class="p">);</span>
+
+    <span class="k">try</span> <span class="p">(</span> <span
class="n">LdapConnection</span> <span class="n">connection</span> <span
class="p">=</span> <span class="n">new</span> <span class="n">LdapNetworkConnection</span><span
class="p">(</span> <span class="n">sslConfig</span> <span class="p">)</span>
<span class="p">)</span>
+    <span class="p">{</span>
+        <span class="n">connection</span><span class="p">.</span><span
class="n">bind</span><span class="p">(</span> &quot;<span class="n">uid</span><span
class="p">=</span><span class="n">admin</span><span class="p">,</span><span
class="n">ou</span><span class="p">=</span><span class="n">system</span>&quot;<span
class="p">,</span> &quot;<span class="n">secret</span>&quot;
<span class="p">);</span>
+
+        <span class="n">assertTrue</span><span class="p">(</span>
<span class="p">((</span><span class="n">LdapNetworkConnection</span><span
class="p">)</span><span class="n">connection</span><span class="p">).</span><span
class="n">getConfig</span><span class="p">().</span><span class="n">isUseSsl</span><span
class="p">()</span> <span class="p">);</span>
+        <span class="n">assertTrue</span><span class="p">(</span>
<span class="n">connection</span><span class="p">.</span><span
class="n">isAuthenticated</span><span class="p">()</span> <span class="p">);</span>
+    <span class="p">}</span>
+</pre></div>
+
+
+    <div class="nav">
+        <div class="nav_prev">
+        
+            <a href="5-ldap-security.html">5 - LDAP Security</a>
+		
+        </div>
+        <div class="nav_up">
+        
+            <a href="5-ldap-security.html">5 - LDAP Security</a>
+		
+        </div>
+        <div class="nav_next">
+        
+            <a href="5.2-start-tls.html">5.2 - StartTLS</a>
+		
+        </div>
+        <div class="clearfix"></div>
+    </div>
+
+
+                </div><!-- rightColumn -->
+                <div id="endContent"></div>
+            </div><!-- content -->
+            <div id="footer">&copy; 2003-2015, <a href="http://www.apache.org">The
Apache Software Foundation</a> - <a href="./../../privacy-policy.html">Privacy
Policy</a><br />
+                Apache Directory, ApacheDS, Apache Directory Server, Apache Directory Studio,
Apache LDAP API, Apache Triplesec, Triplesec, Apache Mavibot, Mavibot, Apache eSCIMo, eSCIMo,
Fortress, Apache Fortress, EnMasse, Apache EnMasse, Apache Kerby, Kerby
+                Apache, the Apache feather logo, and the Apache Directory project logos are
trademarks of The Apache Software Foundation.
+            </div>
+        </div><!-- container -->
+    </body>
+</html>
\ No newline at end of file
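Review bot: The samples under "A more sophisticated sample" and "Using a configuration" both pass `new NoVerificationTrustManager()`, and the primer says "we wont verify the server's certificate" without stating the consequence. With validation off, anyone able to intercept the connection can present their own certificate and read the bind credentials sent in `connection.bind(...)`. Suggest saying this next to each sample, describing NoVerificationTrustManager as suitable for tests only, and making the trust-store-backed manager referenced by the Fortress link the recommended example. Separately, the paragraph after the primer has broken bold markup (`<strong>636* port is the default </strong>LDAPS<strong>`), the table cell `3.2 (aka TLSv1.1` is missing its closing parenthesis, and the sentence saying Java always starts with TLSv1.2 contradicts the table row that lists TLSv1.2 as Disabled for the Java 7 client.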


