directory-dev mailing list archives

From: Kiran Ayyagari <kayyag...@apache.org>
Subject: Re: Where can I get the client certificate?
Date: Fri, 13 Mar 2015 12:35:01 GMT

On Fri, Mar 13, 2015 at 8:28 PM, Marc Boorshtein <mboorshtein@gmail.com>
wrote:

>
>
>
>>> Well that's untrue.  The certificate can be used for user mapping,
>>> authorization, etc.  This is VERY common in the HTTP world.  In a servlet
>>> you can get the certificate, DN, etc from the request object.
>>>
>>> not the case in LDAP, AFAIK
>>
>
> OK well if it wasn't the case I wouldn't have folks asking for it :-)
>
never heard of such a requirement before, curious about the use case though

>
>
>> That being said, I have extended the server (
>>> http://sourceforge.net/p/myvd/code/HEAD/tree/trunk/MyVD/src/main/java/org/apache/directory/server/ldap/LdapServer.java)
>>> mainly so I can do custom SSL implementations so I can easily create a
>>> custom trust manager.  The question becomes how can I associate the cert I
>>> get from the trust manager to an LDAP session?  Neither the trust manager
>>> nor the keystore actually has that context.
>>>
>>> likewise you need to extend the LdapSession class as well and inject the
>> cert after authentication,
>> but to get the actual certificate to inject you need support from MINA.
>>
>> Modifying the SslFilter should be the right place to pin certificate as a
>> property in IoSession instance
>>
>
> That's a great starting point.  Thanks
>
>



-- 
Kiran Ayyagari
http://keydap.com
