directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: X509 Certificate based authentication w/ssl
Date Sat, 16 Nov 2013 16:32:05 GMT
On Sat, Nov 16, 2013 at 4:51 PM, Daniel Fisher <dfisher@vt.edu> wrote:

> On Sat, Nov 16, 2013 at 9:24 AM, Michael Moorman <michael.e.moorman@gmail.com> wrote:
>
> > I looked into it and it seems that someone has already requested this
> > feature in 2011: https://issues.apache.org/jira/browse/DIRSTUDIO-743
> >
> > Is there any interest in enhancing the API to support client certificate
> > authentication? It seems like the server project will eventually
> > implement it.  I'd wager that there are many others like me out there who
> > use the directory API to connect to non-Apache Directory LDAP servers -
> > not by choice, mind you :-)
> >
>
> If you're talking about TLS client authentication, the API supports this:
>
> http://directory.apache.org/api/gen-docs/latest/apidocs/org/apache/directory/ldap/client/api/LdapConnectionConfig.html#setKeyManagers(javax.net.ssl.KeyManager[])
>

This only validates the server, but the server needs a way to verify the client's
certificate, which is not supported right now.

> If you're referring to SASL external binds, there is an open issue for
> this:
> https://issues.apache.org/jira/browse/DIRAPI-105
>
> --Daniel Fisher
>



-- 
Kiran Ayyagari
http://keydap.com
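
An added example, not code from this thread or from the Apache Directory project: the client-side setup that the `setKeyManagers` link above refers to, presenting a client certificate during the TLS handshake. The host name, port, keystore file names and the `KEYSTORE_PASS` environment variable are placeholder assumptions; whether the certificate is requested and verified is decided by the server, and mapping it to an LDAP identity needs a SASL EXTERNAL bind, which the thread lists as an open issue (DIRAPI-105).

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class ClientCertLdap {
    // Load a PKCS#12 store from disk (path and password are placeholders).
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = System.getenv("KEYSTORE_PASS").toCharArray(); // assumed variable

        // Client certificate and private key offered during the handshake.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("client.p12", pass), pass);

        // CA certificates used to validate the server's certificate.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("truststore.p12", pass));

        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost("ldap.example.org"); // placeholder host
        config.setLdapPort(636);                // LDAPS
        config.setUseSsl(true);
        config.setKeyManagers(kmf.getKeyManagers());
        // Set explicitly so the server certificate is checked against this store.
        config.setTrustManagers(tmf.getTrustManagers());

        LdapNetworkConnection conn = new LdapNetworkConnection(config);
        try {
            // connect() performs the TLS handshake; no LDAP bind is sent here.
            System.out.println("TLS connected: " + conn.connect());
        } finally {
            conn.close();
        }
    }
}
```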
