Thank you so much for the reply and insight into this topic.
We need to set up a custom sslcontext as we have a custom key
and trust store for our solution.
Yes, allowing for injection in the code and configuring things
from the Spring side would be an option.
I was wondering why the code wasn't using the socketfactory
mechanism. That would allow customization by defining the default
socket factory from the hosting code/environment, I would guess.
Anyway, thanks for the information provided so far.
From: Emmanuel Lecharny [mailto:firstname.lastname@example.org]
Sent: Mon 11/10/2008 8:03 PM
To: Apache Directory Developers List
Subject: Re: Setting Up Custom SSLContext for Ldaps Server
Michael Ibbeken wrote:
> Hi all,
> I am somewhat new to ApacheDS. We are using it for user authentication
> but want to connect via ldaps instead of ldap.
> But instead of using ldaps the default way, we need to use a custom
> sslcontext for the connection.
Any reason to use a custom sslContext? (I'm just curious)
> I wondered how I would do that on the server side of the ldaps
> connection (meaning the apacheds). I could tweak the
> LdapServer class so that it won't call the static method
> LdapsInitializer.init(keyStore) and set up the mina sslfilter
You will have to hack the LdapsInitializer class, as this is where we
initialize the SslContext, before injecting the SslFilter in MINA chain.
> using my custom sslcontext instead. However, that is more like hacking
> the source imho.
Well, we can imagine having a pluggable mechanism to let advanced users
inject their own SslContext. In fact, if you have a better knowledge
than us on how to do it correctly, that would be perfect, as we may
inject the code into ADS!
We can tweak the Spring configuration to get the needed parameters and
inject them into this part of the server.
So, more or less, it's up to you ;)
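
Added example, not part of the original thread and not ApacheDS code: one way to build the kind of custom SSLContext discussed above from a separate key store and trust store using only standard JSSE classes. The class name, the environment variable names and the assumption that the store password also protects the private key are hypothetical; how the resulting context is handed to the server's SSL filter is left out because the thread does not show that API.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class CustomSslContextExample {

    // Load a store from disk; type is e.g. "JKS" or "PKCS12".
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    static SSLContext build(KeyStore keys, char[] keyPassword, KeyStore trust) throws Exception {
        // Fail at startup, not at the first handshake, on an unusable store.
        boolean hasKey = false;
        for (String alias : Collections.list(keys.aliases())) {
            hasKey |= keys.isKeyEntry(alias);
        }
        if (!hasKey) throw new IllegalStateException("key store holds no private key entry");
        if (trust.size() == 0) throw new IllegalStateException("trust store is empty");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword); // assumption: key password equals store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // only these anchors are trusted, not the JRE's cacerts
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // args: store type, key store path, trust store path.
        // Hypothetical variable names; passwords stay out of argv and source.
        char[] keyPass = Objects.requireNonNull(System.getenv("LDAPS_KEYSTORE_PASS")).toCharArray();
        char[] trustPass = Objects.requireNonNull(System.getenv("LDAPS_TRUSTSTORE_PASS")).toCharArray();
        SSLContext context = build(load(args[0], args[1], keyPass), keyPass,
                                   load(args[0], args[2], trustPass));
        System.out.println("SSLContext ready, protocol " + context.getProtocol());
    }
}
```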