Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 21536 invoked from network); 12 Feb 2011 08:57:21 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 12 Feb 2011 08:57:21 -0000 Received: (qmail 2481 invoked by uid 500); 12 Feb 2011 08:57:21 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 2292 invoked by uid 500); 12 Feb 2011 08:57:19 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 2285 invoked by uid 99); 12 Feb 2011 08:57:18 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 12 Feb 2011 08:57:18 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of elecharny@gmail.com designates 209.85.214.50 as permitted sender) Received: from [209.85.214.50] (HELO mail-bw0-f50.google.com) (209.85.214.50) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 12 Feb 2011 08:57:11 +0000 Received: by bwg12 with SMTP id 12so4703003bwg.37 for ; Sat, 12 Feb 2011 00:56:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:message-id:date:from:reply-to:user-agent :mime-version:to:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=fhxFgHoSjX5nUNu7vFHKP55YAuUGfppPkEwaiR4eDt0=; b=ZK41h/eFmDtDTCQF/qXS9E5MAQwvusW9BDY2tVNE+XZ52DKpGWpyoWMY9anymaUiIT P/d6BD4AFDhBlPldmllf8tDVwVrDZXlDWSPDPXB+COmtkph084Kl2ZmztmoTkvfNIjvI +xz86SkGeFqEv6r020v4Pv8UkMziMZwBr2SDA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; b=MZxLOcjfFboxvZ4zI6+DLKCJ5+vZDsO0vYM0j70KJTQVqauiKSP5EaX8K1KzlBzV7f G2zaJeE0l1VjTvv75gGfMIO3JSmHBB00nKckH8CD/v0UcLrA8MCViOi31Je5O3QG0km9 8oiYGe9Z2BdVDiS/MDJa9gJ8Co1o4bfi0oUC0= Received: by 10.204.101.83 with SMTP id b19mr10439698bko.199.1297501009874; Sat, 12 Feb 2011 00:56:49 -0800 (PST) Received: from emmanuel-lecharnys-MacBook-Pro.local (ran75-1-78-192-106-184.fbxo.proxad.net [78.192.106.184]) by mx.google.com with ESMTPS id a17sm149318bku.11.2011.02.12.00.56.47 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 12 Feb 2011 00:56:48 -0800 (PST) Message-ID: <4D564B4E.7070304@gmail.com> Date: Sat, 12 Feb 2011 09:56:46 +0100 From: Emmanuel Lecharny Reply-To: elecharny@apache.org User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Apache Directory Developers List Subject: Re: [jira] Commented: (DIRAPI-40) LdapNetworkConnection should throw an exception when startTls() method is called and the LdapConnectionConfig has the 'useSsl' flag set to true References: <1839114660.9293.1297382577632.JavaMail.tomcat@hel.zones.apache.org> <4D54BF6B.1090208@gmx.de> In-Reply-To: <4D54BF6B.1090208@gmx.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 2/11/11 5:47 AM, Antoine Levy-Lambert wrote: > Hello Emmanuel, > > forgive my ignorance. Does startTLS work fine over a Firewall ? > > I am asking because on the site where I am working in my day job we are > using LDAPS over a Firewall. First, LDAPS is deprecated since LDAP V2. I know that everybody still uses it, but that's a mistake, or more probably inertia at work. Second, considering that StartTLS is an extended operation, and that it's send on the normal LDAP port, there is no reason it can't be used over a firewall. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com