directory-dev mailing list archives

From "Pierre-Arnaud Marcelot (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRAPI-40) LdapNetworkConnection should throw an exception when startTls() method is called and the LdapConnectionConfig has the 'useSsl' flag set to true
Date Mon, 14 Feb 2011 07:59:57 GMT

    [ https://issues.apache.org/jira/browse/DIRAPI-40?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12994222#comment-12994222 ]

Pierre-Arnaud Marcelot commented on DIRAPI-40:
----------------------------------------------

> More specifically, the use of LDAPS should be marked as deprecated. StartTLS is the way to go.

Yep, I agree. Maybe we should tweak the Javadocs to indicate this.

> The way to get it working is probably to replace the useSSL flag when we create the connection, to instead use the startTLS extended request to establish a secure connection.
>
> I'm quite sure that every server supports StartTLS these days, so there is no reason to not use that in any case. I'm even wondering if we should not use StartTLS even when the user requires 'ldaps'...

There would be a big problem here because the port specified for the connection would be the
LDAPS port (if the user specifically selected it) and we don't have any idea of the port for
the LDAP (non-SSL) connection.
Furthermore, as an API, I think we should behave the way the user wants. If he asks for LDAPS
and even if it's deprecated and StartTLS is better and supported by his server, we should
do LDAPS...


> LdapNetworkConnection should throw an exception when startTls() method is called and the LdapConnectionConfig has the 'useSsl' flag set to true
> -----------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DIRAPI-40
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-40
>             Project: Directory Client API
>          Issue Type: Improvement
>    Affects Versions: 1.0-M1
>            Reporter: Pierre-Arnaud Marcelot
>             Fix For: 1.0-M2
>
>
> LdapNetworkConnection should throw an exception when startTls() method is called and the LdapConnectionConfig has the 'useSsl' flag set to true.
> I got an error when using the LDAP API inside Studio where I had set the 'useSsl' flag to true and was then trying to use the Start TLS extended operation.
> Sure, it was a mistake on my side and the server was not receiving the expected bits of information, but it would be nice if the connection could warn the user about his wrong configuration.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
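
The fail-fast check requested in DIRAPI-40, as an added example that is not part of the original message and is not the Directory Client API's own code. `Config` and `Connection` are hypothetical stand-ins for LdapConnectionConfig and LdapNetworkConnection, the use of IllegalStateException is an assumption, and the host names are constructed.

```java
// Added illustration with stand-in classes; not the Apache Directory LDAP API source.
public class StartTlsGuardExample {

    /** Hypothetical stand-in for LdapConnectionConfig: only the settings from the issue. */
    static final class Config {
        final String host;
        final int port;
        final boolean useSsl; // true = LDAPS, the TLS handshake happens at connect time

        Config(String host, int port, boolean useSsl) {
            this.host = host;
            this.port = port;
            this.useSsl = useSsl;
        }
    }

    /** Hypothetical stand-in for LdapNetworkConnection. */
    static final class Connection {
        private final Config config;
        private boolean tlsStarted;

        Connection(Config config) { this.config = config; }

        /** Rejects StartTLS on a session that is already LDAPS instead of sending it. */
        void startTls() {
            if (config.useSsl) {
                throw new IllegalStateException("startTls() called but 'useSsl' is true for "
                        + config.host + ":" + config.port
                        + "; choose LDAPS or StartTLS, not both");
            }
            if (tlsStarted) {
                throw new IllegalStateException("StartTLS was already negotiated");
            }
            // A real client sends the StartTLS extended request
            // (OID 1.3.6.1.4.1.1466.20037) here and then upgrades the socket.
            tlsStarted = true;
        }

        boolean isSecured() { return config.useSsl || tlsStarted; }
    }

    public static void main(String[] args) {
        Connection plain = new Connection(new Config("ldap.example.com", 389, false));
        plain.startTls();
        System.out.println("plain port + StartTLS, secured: " + plain.isSecured());

        Connection ldaps = new Connection(new Config("ldap.example.com", 636, true));
        try {
            ldaps.startTls(); // the misconfiguration described in the issue
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The guard leaves the user's LDAPS choice untouched, in line with the comment above, and only refuses the conflicting StartTLS call.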
