On Sat, Nov 16, 2013 at 4:51 PM, Daniel Fisher <dfisher@vt.edu> wrote:
> On Sat, Nov 16, 2013 at 9:24 AM, Michael Moorman <
> michael.e.moorman@gmail.com> wrote:
>
> > I looked into it and it seems that someone has already requested this
> > feature in 2011: https://issues.apache.org/jira/browse/DIRSTUDIO-743
> >
> > Is there any interest in enhancing the API to support client certificate
> > authentication? It seems like the server project will eventually
> implement
> > it. I'd wager that there are many others like me out there who use the
> > directory API to connect to a non-Apache Directory LDAP servers - not by
> > choice, mind you :-)
> >
>
> If you're talking about TLS client authentication, the API supports this:
>
> http://directory.apache.org/api/gen-docs/latest/apidocs/org/apache/directory/ldap/client/api/LdapConnectionConfig.html#setKeyManagers(javax.net.ssl.KeyManager[])
>
> this only validates the server, but server needs a way to verify client's
certificate which
is not supported right now
> If you're referring to SASL external binds, there is an open issue for
> this:
> https://issues.apache.org/jira/browse/DIRAPI-105
>
> --Daniel Fisher
>
--
Kiran Ayyagari
http://keydap.com
|