Hi Emmanuel,

  thank you so much for the replay and insight into this topic.
 
  we need to set up a custom sslcontext as we have a custom key
  and trust store for our solution.

  yes, allowing for injection in the code and configuring things
  from the spring side would be an option.
javascript:SetCmd(cmdSend);
  i was wondering why the code wasn't using the socketfactory
  mechanism. that would allow cusotmization by defining the default
  socket factory from the hosting code/environment I would guess.

  Anyway, thanks for the information provided so far.

Regards,
  Michael


-----Original Message-----
From: Emmanuel Lecharny [mailto:elecharny@gmail.com]
Sent: Mon 11/10/2008 8:03 PM
To: Apache Directory Developers List
Subject: Re: Setting Up Custom SSLContext for Ldaps Server

Michael Ibbeken wrote:
> Hi all,
>  
Hi Michael,

>
>   I am somewhat new to ApacheDS. We are using it for user authentication
> but want to connect via ldaps instead of ldap.
>
>   But instead of using ldaps the default way, we need to use a custom
> sslcontext for the connection.
>  
Any reason to use a custom sslContext ? (I'm just curious)

>
>   I wondered how I would do that on the server side of the ldaps
> connection (meaning the apacheds). I could tweak the
>
>   LdapServer class so that it wont call the static method
> LdapsInitializer.init(keyStore) and set up the mina sslfilter
>  
You will have to hack the LdapsInitializer class, as this is where we
initialize the SslContext, before injecting the SslFilter in MINA chain.
>   using my custom sslcontext instead. However, that is more like hacking
> the source imho.
>  
Well, we can imagine having a plugable mechanism to let advanced users
to inject their own SslContext. In fact, if you have a better knowledge
than us on how to do it correctly, that would be perfect, as we may
inject the code into ADS !

We can tweak the Spring configuration to get the needed parameters and
inject them into this part of the server.

So, more or less, it's up to you ;)

--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org