directory-commits mailing list archives

From build...@apache.org
Subject svn commit: r1004470 - in /websites/staging/directory/trunk/content: ./ api/user-guide/5.1-ldaps.html
Date Sun, 08 Jan 2017 18:56:54 GMT
Author: buildbot
Date: Sun Jan  8 18:56:53 2017
New Revision: 1004470

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/api/user-guide/5.1-ldaps.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sun Jan  8 18:56:53 2017
@@ -1 +1 @@
-1777413
+1777900

Modified: websites/staging/directory/trunk/content/api/user-guide/5.1-ldaps.html
==============================================================================
--- websites/staging/directory/trunk/content/api/user-guide/5.1-ldaps.html (original)
+++ websites/staging/directory/trunk/content/api/user-guide/5.1-ldaps.html Sun Jan  8 18:56:53
2017
@@ -185,7 +185,7 @@
 h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover
> .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink
{ visibility: visible }</style>
 <h1 id="51-ldaps">5.1 - LDAPS<a class="headerlink" href="#51-ldaps" title="Permanent
link">&para;</a></h1>
 <p><strong>LDAP</strong> supports <strong>SSL</strong>, it's
called <strong>LDAPS</strong>, and it uses a dedicated port. As of today, and
since 2000, <strong>LDAPS</strong> is deprecated and <strong>StartTLS</strong>
should be used.</p>
-<p>That being said, many servers accept <strong>LDAPS</strong>, and the
Apache LDAP API supports it.</p>
+<p>That being said, many servers accept <strong>LDAPS</strong>, and the
<strong>Apache LDAP API</strong> supports it.</p>
 <h2 id="how-does-it-work">How does it work ?<a class="headerlink" href="#how-does-it-work"
title="Permanent link">&para;</a></h2>
 <p>The <strong>SSL</strong> protocol ensures that data are transmitted
encrypted, and guarantees that the data being received are valid. Nobody can capture those
data and read them, assuming the ciphers being used are strong enough.</p>
 <p>With <strong>SSL</strong>, a dialog between the client and the server
occurs, and when both part agree on the cipher to use, then all subsequent data is encrypted.
This dialog may include a mutual validation. </p>
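Review bot: The unchanged paragraph right after the edited line states that "Nobody can capture those data and read them", which overstates what the page goes on to configure. Traffic can still be captured, and the later section says that by default "we wont verify the server's certificate", in which case the client has no assurance about which server it negotiated the cipher with. Since this commit is already a wording pass on this section, I would qualify that sentence to say the guarantee depends on the server certificate being verified. In the same pass, "when both part agree" should read "both parties agree", and the heading "How does it work ?" has a stray space before the question mark.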
@@ -257,7 +257,8 @@ h2:hover > .headerlink, h3:hover > .head
 <p>By default, the selected protocol is <strong>TLS</strong>, and we wont
verify the server's certificate.</p>
 <h2 id="a-more-sophisticated-sample">A more sophisticated sample<a class="headerlink"
href="#a-more-sophisticated-sample" title="Permanent link">&para;</a></h2>
 <p>It's possible to have more control on the <strong>SSL</strong> configuration,
and specifically to provide a specific <strong>TrustManager</strong> :</p>
-<div class="codehilite"><pre>    <span class="k">try</span> <span
class="p">(</span> <span class="n">LdapConnection</span> <span class="n">connection</span>
<span class="p">=</span> <span class="n">new</span> <span class="n">LdapNetworkConnection</span><span
class="p">(</span> <span class="n">Network</span><span class="p">.</span><span
class="n">LOOPBACK_HOSTNAME</span><span class="p">,</span> <span class="n">getLdapServer</span><span
class="p">().</span><span class="n">getPortSSL</span><span class="p">(),</span>
<span class="n">new</span> <span class="n">NoVerificationTrustManager</span><span
class="p">()</span> <span class="p">)</span> <span class="p">)</span>
+<div class="codehilite"><pre>    <span class="k">try</span> <span
class="p">(</span> <span class="n">LdapConnection</span> <span class="n">connection</span>
<span class="p">=</span> <span class="n">new</span> <span class="n">LdapNetworkConnection</span><span
class="p">(</span> <span class="n">Network</span><span class="p">.</span><span
class="n">LOOPBACK_HOSTNAME</span><span class="p">,</span> <span class="n">getLdapServer</span><span
class="p">().</span><span class="n">getPortSSL</span><span class="p">(),</span>

+            <span class="n">new</span> <span class="n">NoVerificationTrustManager</span><span
class="p">()</span> <span class="p">)</span> <span class="p">)</span>
     <span class="p">{</span>
         <span class="n">connection</span><span class="p">.</span><span
class="n">bind</span><span class="p">(</span> &quot;<span class="n">uid</span><span
class="p">=</span><span class="n">admin</span><span class="p">,</span><span
class="n">ou</span><span class="p">=</span><span class="n">system</span>&quot;<span
class="p">,</span> &quot;<span class="n">secret</span>&quot;
<span class="p">);</span>
 
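Review bot: The sample under "A more sophisticated sample" still passes new NoVerificationTrustManager() to the LdapNetworkConnection constructor, so the only TrustManager this page demonstrates is one whose name says it skips verification. Re-wrapping the line is a good moment to add a sentence stating that this is meant for tests against a local server (the sample connects to Network.LOOPBACK_HOSTNAME), and to show or link a TrustManager that validates the server certificate against a trust store. Also, "we wont verify" in the context paragraph above should be "we won't verify".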
@@ -272,7 +273,7 @@ h2:hover > .headerlink, h3:hover > .head
 <p>One step further : you can define a dediated configuration that is passed to the
constructor. Many parameters can be defined :</p>
 <ul>
 <li>the enabled cipher suites</li>
-<li>the enabled protocols</li>
+<li>the enabled protocols : a list of protocals that may be used ( "SSLv3", "TLS",
"TLSv1", "TLSv1.1", "TLSv1.2")</li>
 <li>the KeyManager instances</li>
 <li>the SecureRandom instance</li>
 <li>the SSL protocol to use</li>
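Review bot: The new list item misspells "protocols" as "protocals" and lists "SSLv3" next to "TLSv1.2" with no guidance on which values a reader should enable. SSLv3 was formally deprecated by RFC 7568, so I would either drop it from the list or mark it and "TLSv1"/"TLSv1.1" as legacy values, and name "TLSv1.2" as the one to prefer. The spacing inside the parentheses is also inconsistent ("( "SSLv3"" versus ""TLSv1.2")"), and "dediated" in the context line above should be "dedicated".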


