manifoldcf-dev mailing list archives

From Karl Wright <daddy...@gmail.com>
Subject Re: Require signature with LDAP
Date Wed, 23 Sep 2015 10:38:36 GMT
It looks like this is what we'll need to do to allow for SSL connections to
LDAP:

http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ssl.html

Note that in MCF we do not permit the use of the default keystore, so we'd
have to override the socket as well with a custom keystore.  This requires
a connection keystore, plus UI additions to support adding certificates to
the connection keystore.  CONNECTORS-1244.

I'm happy to work on this but I probably won't get very far until the
weekend.

In the meantime, it would be great if you could confirm that you could
connect to your LDAP using the LDAP connector modified to specify an SSL
connection, with appropriate certificates added to the default Java
keystore.

Thanks,
Karl


On Wed, Sep 23, 2015 at 6:24 AM, Karl Wright <daddywri@gmail.com> wrote:

> I'm afraid all that the LDAP connector does is use the provided Java LDAP
> library to connect to LDAP.  You'll have to play around with it until you
> can get it to work.  Once you figure it out, I'd be happy to change
> whatever code is needed to help it work in your environment.
>
> I'd consider figuring out first of all how to turn on SSL/TLS, since that
> sounds like it could be the problem.
>
> Thanks,
> Karl
>
>
> On Wed, Sep 23, 2015 at 2:51 AM, Naveen.A.N <anaveen@searchblox.com>
> wrote:
>
>> Hi Karl,
>>
>> Yes, I am using LDAP Authority Connection.
>> If I specify the port 636 it fails with Threw exception: 'Naming error:
>> domainname:636; socket closed'.
>>
>> On Wed, Sep 23, 2015 at 11:26 AM, Karl Wright <daddywri@gmail.com> wrote:
>>
>> > Hi Naveen,
>> >
>> > Can you back up a bit, and start with what connector you are using?  Is
>> > this the LDAP authority?  If so, you can specify the port.
>> >
>> > Karl
>> >
>> >
>> > On Tue, Sep 22, 2015 at 10:27 PM, Naveen.A.N <anaveen@searchblox.com>
>> > wrote:
>> >
>> > > Hi,
>> > >
>> > > When I try to connect an LDAP server it gives me this error
>> > >
>> > > *Threw exception: 'Naming error: [LDAP: error code 8 - 00002028: LdapErr:
>> > > DSID-0C090202, comment: The server requires binds to turn on integrity
>> > > checking if SSL\TLS are not already active on the connection, data 0,
>> > > v2580]'*
>> > >
>> > > When I try to use the ldp.exe and try everything was working fine. I found
>> > > that if a server uses Required signature in LDAP server it causes this
>> > > issue. Is there any way to fix this?
>> > >
>> > > Is there a way to query the secured port?
>> > > --
>> > > Thanks and Regards,
>> > > Naveen A.N
>> > >
>> >
>>
>>
>>
>> --
>> Thanks and Regards,
>> Naveen A.N
>> Lead Software Developer
>> SearchBlox Software, Inc.
>> www.searchblox.com
>> Ph: +91 9445389179
>>
>
>
