From: Daniel Fisher
Date: Sat, 16 Nov 2013 10:51:37 -0500
Subject: Re: X509 Certificate based authentication w/ssl
To: api@directory.apache.org

On Sat, Nov 16, 2013 at 9:24 AM, Michael Moorman <michael.e.moorman@gmail.com> wrote:

> I looked into it and it seems that someone has already requested this
> feature in 2011: https://issues.apache.org/jira/browse/DIRSTUDIO-743
>
> Is there any interest in enhancing the API to support client certificate
> authentication? It seems like the server project will eventually implement
> it. I'd wager that there are many others like me out there who use the
> directory API to connect to non-Apache Directory LDAP servers - not by
> choice, mind you :-)

If you're talking about TLS client authentication, the API supports this:
http://directory.apache.org/api/gen-docs/latest/apidocs/org/apache/directory/ldap/client/api/LdapConnectionConfig.html#setKeyManagers(javax.net.ssl.KeyManager[])

If you're referring to SASL external binds, there is an open issue for this:
https://issues.apache.org/jira/browse/DIRAPI-105

--Daniel Fisher
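
The following is an added example, not part of the original message or the project's own code, sketching how the `setKeyManagers` call linked in the reply can be used for TLS client authentication over LDAPS. The host name, port, keystore file names and the `LDAP_KEYSTORE_PASSWORD` environment variable are placeholders assumed for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class TlsClientAuthExample {
    // Load a keystore ("PKCS12" or "JKS") from disk.
    static KeyStore load(String path, String type, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }

    static LdapConnectionConfig buildConfig(String host, int port, KeyStore clientKeys,
            char[] keyPw, KeyStore trustedCas) throws Exception {
        // Key managers supply the client certificate and private key for the handshake.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, keyPw);
        // Set trust managers explicitly so that server certificate validation
        // does not depend on the library default.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustedCas);
        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost(host);
        config.setLdapPort(port);
        config.setUseSsl(true); // LDAPS: TLS from the first byte
        config.setKeyManagers(kmf.getKeyManagers());
        config.setTrustManagers(tmf.getTrustManagers());
        return config;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder inputs (assumptions): replace with your own keystores and server.
        char[] pw = System.getenv("LDAP_KEYSTORE_PASSWORD").toCharArray();
        KeyStore clientKeys = load("client.p12", "PKCS12", pw);
        KeyStore trustedCas = load("ldap-ca.jks", "JKS", pw);
        LdapNetworkConnection conn = new LdapNetworkConnection(
                buildConfig("ldap.example.org", 636, clientKeys, pw, trustedCas));
        try {
            conn.connect();
            System.out.println("connected over TLS: " + conn.isConnected());
        } finally {
            conn.close();
        }
    }
}
```

This presents the client certificate during the TLS handshake only; whether the server treats it as the LDAP identity without a SASL EXTERNAL bind depends on the server's configuration.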