directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Ibbeken" <Michael_Ibbe...@avid.com>
Subject RE: Setting Up Custom SSLContext for Ldaps Server
Date Tue, 11 Nov 2008 13:05:38 GMT
Hi Emmanuel,

  thank you so much for the replay and insight into this topic.
  
  we need to set up a custom sslcontext as we have a custom key
  and trust store for our solution.

  yes, allowing for injection in the code and configuring things
  from the spring side would be an option.
javascript:SetCmd(cmdSend);
  i was wondering why the code wasn't using the socketfactory
  mechanism. that would allow cusotmization by defining the default
  socket factory from the hosting code/environment I would guess.

  Anyway, thanks for the information provided so far.

Regards,
  Michael


-----Original Message-----
From: Emmanuel Lecharny [mailto:elecharny@gmail.com]
Sent: Mon 11/10/2008 8:03 PM
To: Apache Directory Developers List
Subject: Re: Setting Up Custom SSLContext for Ldaps Server
 
Michael Ibbeken wrote:
> Hi all,
>   
Hi Michael,
>  
>
>   I am somewhat new to ApacheDS. We are using it for user authentication
> but want to connect via ldaps instead of ldap.
>
>   But instead of using ldaps the default way, we need to use a custom
> sslcontext for the connection.
>   
Any reason to use a custom sslContext ? (I'm just curious)
>  
>
>   I wondered how I would do that on the server side of the ldaps
> connection (meaning the apacheds). I could tweak the 
>
>   LdapServer class so that it wont call the static method
> LdapsInitializer.init(keyStore) and set up the mina sslfilter
>   
You will have to hack the LdapsInitializer class, as this is where we 
initialize the SslContext, before injecting the SslFilter in MINA chain.
>   using my custom sslcontext instead. However, that is more like hacking
> the source imho.
>   
Well, we can imagine having a plugable mechanism to let advanced users 
to inject their own SslContext. In fact, if you have a better knowledge 
than us on how to do it correctly, that would be perfect, as we may 
inject the code into ADS !

We can tweak the Spring configuration to get the needed parameters and 
inject them into this part of the server.

So, more or less, it's up to you ;)

-- 
--
cordialement, regards,
Emmanuel L├ęcharny
www.iktek.com
directory.apache.org




Mime
View raw message