Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id BAC41200BEF for ; Wed, 4 Jan 2017 20:09:54 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id BA8C1160B3A; Wed, 4 Jan 2017 19:09:54 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 0DCD7160B21 for ; Wed, 4 Jan 2017 20:09:53 +0100 (CET) Received: (qmail 31259 invoked by uid 500); 4 Jan 2017 19:09:53 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 31250 invoked by uid 99); 4 Jan 2017 19:09:53 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Jan 2017 19:09:53 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 9CEDF3A0119 for ; Wed, 4 Jan 2017 19:09:52 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1004155 - in /websites/staging/directory/trunk/content: ./ api/user-guide/5.1-ssl.html Date: Wed, 04 Jan 2017 19:09:52 -0000 To: commits@directory.apache.org From: buildbot@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20170104190952.9CEDF3A0119@svn01-us-west.apache.org> archived-at: Wed, 04 Jan 2017 19:09:54 -0000 Author: buildbot Date: Wed Jan 4 19:09:52 2017 New Revision: 1004155 Log: Staging update by buildbot for directory Modified: websites/staging/directory/trunk/content/ (props changed) websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Wed Jan 4 19:09:52 2017 @@ -1 +1 @@ -1777362 +1777365 Modified: websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html ============================================================================== --- websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html (original) +++ websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html Wed Jan 4 19:09:52 2017 @@ -218,27 +218,43 @@ h2:hover > .headerlink, h3:hover > .head 3.1 (aka TLSv1) -Enabled -Enabled -Enabled -Enabled +Enabled +Enabled +Enabled +Enabled 3.2 (aka TLSv1.1 Disabled -Enabled -Enabled -Enabled +Enabled +Enabled +Enabled 3.3 (aka TLSv1.2) Disabled -Enabled -Enabled -Enabled +Enabled +Enabled +Enabled +

(Disabled mean it's not active by default, and must be activated explicitely).

The default is for Java to pick the one that fits, assuming that it will always start with the newest version (TLSv1.2).

Still, you can enforce the version if needed.

A quick primer¶

Here is all what you need to get a LDAPS connection established with a server :

    try ( LdapConnection connection = new LdapNetworkConnection( "server-name", 636, true ) )
+    {
+        connection.bind( "uid=admin,ou=system", "secret" );
+
+        assertTrue( connection.isAuthenticated() );
+    }
+

+ + +

This is as simple as that ! The 636* port is the default LDAPS port for standard LDAP servers, when running as root, and for ApacheDS you will have to pick 10636. The true** flag is set to secure the connection. You don't need to close the connection, it will be done automatically when exiting the try{...} block.

By default, the selected protocol is TLS, and we wont verify the server's certificate.