directory-dev mailing list archives

From Marc Boorshtein <mboorsht...@gmail.com>
Subject Re: Where can I get the client certificate?
Date Fri, 13 Mar 2015 12:28:15 GMT
>> Well that's untrue.  The certificate can be used for user mapping,
>> authorization, etc.  This is VERY common in the HTTP world.  In a servlet
>> you can get the certificate, DN, etc from the request object.
>>
>> not the case in LDAP, AFAIK
>

OK well if it wasn't the case I wouldn't have folks asking for it :-)


> That being said, I have extended the server (
>> http://sourceforge.net/p/myvd/code/HEAD/tree/trunk/MyVD/src/main/java/org/apache/directory/server/ldap/LdapServer.java)
>> mainly so I can do custom SSL implementations so I can easily create a
>> custom trust manager.  The question becomes how can I associate the cert I
>> get from the trust manager to an LDAP session?  Neither the trust manager
>> nor the keystore actually has that context.
>>
>> likewise you need to extend the LdapSession class as well and inject the
> cert after authentication,
> but to get the actual certificate to inject you need support from MINA.
>
> Modifying the SslFilter should be the right place to pin the certificate as a
> property in the IoSession instance
>

That's a great starting point.  Thanks
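
A sketch of the approach discussed in this thread, added here as an example and not code from the thread, ApacheDS or MyVD: a filter placed after the `SslFilter` in the MINA chain copies the verified client certificate into an `IoSession` attribute, where an extended `LdapSession` could read it. It assumes MINA 2.0.x, where `SslFilter` stores the negotiated `SSLSession` under `SslFilter.SSL_SESSION` once the handshake finishes; `ClientCertFilter` and `CLIENT_CERT` are hypothetical names.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.AttributeKey;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;

/** Hypothetical filter; register it in the chain after the SslFilter. */
public class ClientCertFilter extends IoFilterAdapter {

    /** Hypothetical session attribute holding the client's leaf certificate. */
    public static final AttributeKey CLIENT_CERT =
            new AttributeKey(ClientCertFilter.class, "clientCert");

    @Override
    public void messageReceived(NextFilter nextFilter, IoSession session, Object message)
            throws Exception {
        // Checked on every message so a session upgraded via StartTLS is picked up too.
        if (!session.containsAttribute(CLIENT_CERT)) {
            X509Certificate cert = peerCertificate(session);
            if (cert != null) {
                session.setAttribute(CLIENT_CERT, cert);
            }
        }
        nextFilter.messageReceived(session, message);
    }

    /** Returns the client's leaf certificate, or null if none was presented. */
    static X509Certificate peerCertificate(IoSession session) {
        // Assumption: MINA 2.0.x sets this attribute when the TLS handshake completes.
        SSLSession ssl = (SSLSession) session.getAttribute(SslFilter.SSL_SESSION);
        if (ssl == null) {
            return null; // plain LDAP connection, or handshake not finished yet
        }
        try {
            Certificate[] chain = ssl.getPeerCertificates();
            if (chain.length > 0 && chain[0] instanceof X509Certificate) {
                return (X509Certificate) chain[0];
            }
        } catch (SSLPeerUnverifiedException e) {
            // Client authentication was not requested, or the client sent no certificate.
        }
        return null;
    }
}
```

The stored certificate is only as trustworthy as the trust manager that accepted it: the server must request client authentication, and a custom trust manager that skips chain validation makes the subject DN client-controlled, so it must not be used for user mapping or authorization in that case.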
