manifoldcf-dev mailing list archives

From "Naveen.A.N" <anav...@searchblox.com>
Subject Re: Require signature with LDAP
Date Wed, 23 Sep 2015 13:17:16 GMT
Hi Karl,

I am not sure I can work on it now. I will do some tests by the end of this
week and let you know.

On Wed, Sep 23, 2015 at 4:08 PM, Karl Wright <daddywri@gmail.com> wrote:

> It looks like this is what we'll need to do to allow for SSL connections to
> LDAP:
>
> http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ssl.html
>
> Note that in MCF we do not permit the use of the default keystore, so we'd
> have to override the socket as well with a custom keystore.  This requires
> a connection keystore, plus UI additions to support adding certificates to
> the connection keystore.  CONNECTORS-1244.
>
> I'm happy to work on this but I probably won't get very far until the
> weekend.
>
> In the meantime, it would be great if you could confirm that you could
> connect to your LDAP using the LDAP connector modified to specify an SSL
> connection, with appropriate certificates added to the default Java
> keystore.
>
> Thanks,
> Karl
>
>
> On Wed, Sep 23, 2015 at 6:24 AM, Karl Wright <daddywri@gmail.com> wrote:
>
> > I'm afraid all that the LDAP connector does is use the provided Java LDAP
> > library to connect to LDAP.  You'll have to play around with it until you
> > can get it to work.  Once you figure it out, I'd be happy to change
> > whatever code is needed to help it work in your environment.
> >
> > I'd consider figuring out first of all how to turn on SSL/TLS, since that
> > sounds like it could be the problem.
> >
> > Thanks,
> > Karl
> >
> >
> > On Wed, Sep 23, 2015 at 2:51 AM, Naveen.A.N <anaveen@searchblox.com>
> > wrote:
> >
> >> Hi Karl,
> >>
> >> Yes, I am using the LDAP Authority Connection.
> >> If I specify the port 636, it fails with Threw exception: 'Naming error:
> >> domainname:636; socket closed'.
> >>
> >> On Wed, Sep 23, 2015 at 11:26 AM, Karl Wright <daddywri@gmail.com> wrote:
> >>
> >> > Hi Naveen,
> >> >
> >> > Can you back up a bit, and start with what connector you are using?  Is
> >> > this the LDAP authority?  If so, you can specify the port.
> >> >
> >> > Karl
> >> >
> >> >
> >> > On Tue, Sep 22, 2015 at 10:27 PM, Naveen.A.N <anaveen@searchblox.com>
> >> > wrote:
> >> >
> >> > > Hi,
> >> > >
> >> > > When I try to connect to an LDAP server, it gives me this error:
> >> > >
> >> > > *Threw exception: 'Naming error: [LDAP: error code 8 - 00002028: LdapErr:
> >> > > DSID-0C090202, comment: The server requires binds to turn on integrity
> >> > > checking if SSL\TLS are not already active on the connection, data 0,
> >> > > v2580]'*
> >> > >
> >> > > When I try using ldp.exe, everything works fine. I found that if a
> >> > > server uses Required signature in the LDAP server, it causes this
> >> > > issue. Is there any way to fix this?
> >> > >
> >> > > Is there a way to query the secured port?
> >> > > --
> >> > > Thanks and Regards,
> >> > > Naveen A.N
> >> > >
> >> >
> >>
> >>
> >>
> >> --
> >> Thanks and Regards,
> >> Naveen A.N
> >> Lead Software Developer
> >> SearchBlox Software, Inc.
> >> www.searchblox.com
> >> Ph: +91 9445389179
> >>
> >
> >
>



-- 
Thanks and Regards,
Naveen A.N
Lead Software Developer
SearchBlox Software, Inc.
www.searchblox.com
Ph: +91 9445389179
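
Added example, not part of the original thread and not ManifoldCF code: a JNDI socket factory that trusts only a per-connection keystore rather than the default Java keystore, wired in through the `java.naming.ldap.factory.socket` property that the linked JNDI tutorial describes. The class name, the thread-local hand-off and the `ldapsEnv` helper are assumptions made for illustration; the hand-off assumes the directory context is created on the thread that called `ldapsEnv`.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class: JNDI loads it by name, so it must be public.
public class ConnectionTrustSocketFactory extends SocketFactory {
  // Trust store of the connection being opened on this thread (assumed hand-off mechanism).
  private static final ThreadLocal<KeyStore> TRUST = new ThreadLocal<>();
  private final SocketFactory delegate;

  private ConnectionTrustSocketFactory(KeyStore trust) throws Exception {
    // TrustManagerFactory.init(null) silently falls back to the JVM default trust store, so refuse null.
    if (trust == null) throw new IllegalStateException("no connection trust store set");
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trust); // only certificates in this store are trusted
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, tmf.getTrustManagers(), null);
    delegate = ctx.getSocketFactory();
  }

  // JNDI obtains the factory through this static method, not through a constructor.
  public static SocketFactory getDefault() {
    try { return new ConnectionTrustSocketFactory(TRUST.get()); }
    catch (Exception e) { throw new IllegalStateException("cannot build TLS context", e); }
  }

  @Override public Socket createSocket() throws IOException { return delegate.createSocket(); }
  @Override public Socket createSocket(String h, int p) throws IOException { return delegate.createSocket(h, p); }
  @Override public Socket createSocket(InetAddress a, int p) throws IOException { return delegate.createSocket(a, p); }
  @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return delegate.createSocket(h, p, l, lp); }
  @Override public Socket createSocket(InetAddress a, int p, InetAddress l, int lp) throws IOException { return delegate.createSocket(a, p, l, lp); }

  // Builds the JNDI environment for an ldaps:// connection that uses the factory above.
  public static Hashtable<String, Object> ldapsEnv(String host, int port, KeyStore trust) {
    TRUST.set(trust);
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldaps://" + host + ":" + port);
    env.put("java.naming.ldap.factory.socket", ConnectionTrustSocketFactory.class.getName());
    return env;
  }
}
```

Pass the returned environment, together with the usual bind credentials, to `new InitialDirContext(env)`; the server certificate for port 636 must already be in the `KeyStore` handed to `ldapsEnv`.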
