manifoldcf-dev mailing list archives

From "Naveen.A.N" <anav...@searchblox.com>
Subject Re: Require signature with LDAP
Date Wed, 23 Sep 2015 14:04:01 GMT
Okay, let's try. If it works, it will be good :)

On Wed, Sep 23, 2015 at 7:02 PM, Karl Wright <daddywri@gmail.com> wrote:

> The SSL connection ability of Java's LDAP library is, sadly, rather
> limited.  I will only be able to implement a "trust everything" version of
> SSL because of its technical limitations.  That means that we basically
> don't check for certificate validity in the LDAP connector, and assume all
> certs are OK.
>
> For a client, that's usually fine, but I wanted to mention it in case that
> was a blocker.
>
> Karl
>
>
> On Wed, Sep 23, 2015 at 9:17 AM, Naveen.A.N <anaveen@searchblox.com>
> wrote:
>
> > Hi Karl,
> >
> > I am not sure I can work on it now. I will run some tests by the end of this
> > week and let you know.
> >
> > On Wed, Sep 23, 2015 at 4:08 PM, Karl Wright <daddywri@gmail.com> wrote:
> >
> > > It looks like this is what we'll need to do to allow for SSL connections to
> > > LDAP:
> > >
> > > http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ssl.html
> > >
> > > Note that in MCF we do not permit the use of the default keystore, so we'd
> > > have to override the socket as well with a custom keystore.  This requires
> > > a connection keystore, plus UI additions to support adding certificates to
> > > the connection keystore.  CONNECTORS-1244.
> > >
> > > I'm happy to work on this but I probably won't get very far until the
> > > weekend.
> > >
> > > In the meantime, it would be great if you could confirm that you could
> > > connect to your LDAP using the LDAP connector modified to specify an SSL
> > > connection, with appropriate certificates added to the default Java
> > > keystore.
> > >
> > > Thanks,
> > > Karl
> > >
> > >
> > > On Wed, Sep 23, 2015 at 6:24 AM, Karl Wright <daddywri@gmail.com> wrote:
> > >
> > > > I'm afraid all that the LDAP connector does is use the provided Java LDAP
> > > > library to connect to LDAP.  You'll have to play around with it until you
> > > > can get it to work.  Once you figure it out, I'd be happy to change
> > > > whatever code is needed to help it work in your environment.
> > > >
> > > > I'd consider figuring out first of all how to turn on SSL/TLS, since that
> > > > sounds like it could be the problem.
> > > >
> > > > Thanks,
> > > > Karl
> > > >
> > > >
> > > > On Wed, Sep 23, 2015 at 2:51 AM, Naveen.A.N <anaveen@searchblox.com>
> > > > wrote:
> > > >
> > > >> Hi Karl,
> > > >>
> > > > >> Yes, I am using the LDAP Authority Connection.
> > > > >> If I specify the port 636 it fails with Threw exception: 'Naming error:
> > > > >> domainname:636; socket closed'.
> > > >>
> > > > >> On Wed, Sep 23, 2015 at 11:26 AM, Karl Wright <daddywri@gmail.com> wrote:
> > > >>
> > > >> > Hi Naveen,
> > > >> >
> > > > >> > Can you back up a bit, and start with what connector you are using?  Is
> > > > >> > this the LDAP authority?  If so, you can specify the port.
> > > >> >
> > > >> > Karl
> > > >> >
> > > >> >
> > > > >> > On Tue, Sep 22, 2015 at 10:27 PM, Naveen.A.N <anaveen@searchblox.com>
> > > > >> > wrote:
> > > >> >
> > > >> > > Hi,
> > > >> > >
> > > > >> > > When I try to connect to an LDAP server it gives me this error
> > > > >> > >
> > > > >> > > *Threw exception: 'Naming error: [LDAP: error code 8 - 00002028: LdapErr:
> > > > >> > > DSID-0C090202, comment: The server requires binds to turn on integrity
> > > > >> > > checking if SSL\TLS are not already active on the connection, data 0,
> > > > >> > > v2580]'*
> > > >> > >
> > > > >> > > When I try to use ldp.exe, everything was working fine. I found
> > > > >> > > that if a server uses Required signature in the LDAP server, it causes
> > > > >> > > this issue. Is there any way to fix this?
> > > >> > >
> > > >> > > Is there a way to query the secured port?
> > > >> > > --
> > > >> > > Thanks and Regards,
> > > >> > > Naveen A.N
> > > >> > >
> > > >> >
> > > >>
> > > >>
> > > >>
> > > >> --
> > > >> Thanks and Regards,
> > > >> Naveen A.N
> > > >> Lead Software Developer
> > > >> SearchBlox Software, Inc.
> > > >> www.searchblox.com
> > > >> Ph: +91 9445389179
> > > >>
> > > >
> > > >
> > >
> >
> >
> >
> > --
> > Thanks and Regards,
> > Naveen A.N
> > Lead Software Developer
> > SearchBlox Software, Inc.
> > www.searchblox.com
> > Ph: +91 9445389179
> >
>



-- 
Thanks and Regards,
Naveen A.N
Lead Software Developer
SearchBlox Software, Inc.
www.searchblox.com
Ph: +91 9445389179
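
The thread contrasts a "trust everything" SSL mode with a connection keystore; the following added example (not part of the original messages and not ManifoldCF code) shows the second option: a JNDI socket factory that accepts only server certificates chaining to one supplied keystore. The class name, the thread-local hand-off and the command-line arguments are assumptions of this example.

```java
import java.io.*;
import java.net.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.*;
import javax.net.SocketFactory;
import javax.net.ssl.*;

/** Hypothetical socket factory for JNDI LDAP that trusts one connection-specific keystore only. */
public class ConnectionKeystoreSocketFactory extends SocketFactory {
    // JNDI loads the factory by class name and calls the static getDefault(), so the
    // keystore is handed over per thread (an assumption; no connect timeout or pooling is set).
    private static final ThreadLocal<KeyStore> TRUST = new ThreadLocal<>();
    private final SSLSocketFactory delegate;

    private ConnectionKeystoreSocketFactory(KeyStore trust) throws Exception {
        // Fail closed: tmf.init(null) would silently fall back to the JVM default trust store.
        if (trust == null) throw new IllegalStateException("no connection keystore set");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);                                   // certificate chains are validated against this store
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);      // no client certificate, default randomness
        delegate = ctx.getSocketFactory();
    }

    public static SocketFactory getDefault() {             // invoked reflectively by the JNDI LDAP provider
        try { return new ConnectionKeystoreSocketFactory(TRUST.get()); }
        catch (Exception e) { throw new IllegalStateException("cannot build TLS context", e); }
    }

    @Override public Socket createSocket() throws IOException { return delegate.createSocket(); }
    @Override public Socket createSocket(String h, int p) throws IOException { return delegate.createSocket(h, p); }
    @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return delegate.createSocket(h, p, l, lp); }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return delegate.createSocket(a, p); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress l, int lp) throws IOException { return delegate.createSocket(a, p, l, lp); }

    // Usage: java ConnectionKeystoreSocketFactory ldaps://host:636 truststore.p12 password
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(args[1]))) { ks.load(in, args[2].toCharArray()); }
        TRUST.set(ks);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put("java.naming.ldap.factory.socket", ConnectionKeystoreSocketFactory.class.getName());
        DirContext ctx = new InitialDirContext(env);
        ctx.getAttributes("", new String[] {"namingContexts"}); // root DSE read forces the TLS handshake
        ctx.close();                                            // reached only if the certificate validated
    }
}
```

A server certificate that does not chain to an entry in the supplied keystore makes the context creation or the root DSE read fail with a `javax.naming.CommunicationException` wrapping the TLS handshake error, which is the check a trust-everything trust manager skips.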
