-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
For anyone who has experience with LDAP in Java, I need a little help. I have some code connecting to an LDAP server and doing all the wonderful things I want to do, but I'd like to customize the SSLSocket(Factory) that gets used by the connection to e.g. limit the cipher suites, provide client certs, a custom trust store, etc. I've done some Googling and it looks like I can do this: props.put("java.naming.ldap.factory.socket", "com.example.CustomSSLSocketFactory" ); But that means that my CustomSSLSocketFatory class must have hard-coded (or statically set) values for the various settings. Yuck. The Tomcat code (for JNDIRealm) supports customization for STARTTLS, and that appears to be able to use a custom SSLSocketFactory *instance*. But it looks like that requires the use of STARTTLS which I do not need. I'm working with LDAP-over-TLS. Has anyone worked with Java's LDAP code enough to know if this is possible and/or how to do it? I know I can fall-back to a hard-coded or statically-configured SSLSocketFactory class but I'd prefer something a little more explicitly-configurable. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4WdQoACgkQHPApP6U8 pFge3BAAn/wXpFFpXj8S8ZBnfxE4+zDoJvN673IstXSyaIqw60Bb+VzVMhZVvs2+ JsfwaRCeHmNAqy6J81iGra4ulZipaQD39WZJjXlh6+3+v4vgc+Ow6AwnlkJ5xpBL mhk7xf8rYHebTUOflCZzpVw5jw7u5rGbVySpobxce0HqIHdAslBWq8ST5z1jHLv7 NUqfJT7klhsHQZT3mUP/t9/ibA+cj06IJsrO86lYqy/00Q3PRPIm3yO3xlYacbl0 UboEaUpnfidwVqc/oLSVLt/fpJ0UqqiNYvk6YFIY4/6jbbxJGFzcCtvZw5XVlnpm IAHU09B5Oc3rYP3/7fqS5NqkqlY+lp4AalPQTc4olOpGJ7qPOgcSoBBmaJ/VlMMz Yzjw1Aa+H4rLlf2W/NRGs+1fVio97NUXuNHhvKKszr2lEdqh0mMg5DTS53ao0HRL 1Qo8HZ58XUJrQGI8ty2a5PZni5nek013b/AN5Ze+0KMAHPdKP4M2O5YyOUjkGa3O ++RDbOx6Gb37j0oaI5J4dmmHO/2BnoQHDXE4shhYJi9Bh48bfeyqmUEJ2Q1CfdWu mqc8j6GOkvTvZqxHV2qVBmNhF2kfm5M0iNR+td08eKdy3Yr3izd6389lJvcKhVHJ 19yYYx0/e+ww6TPUQY6jfaNVbrofrdBpu0GirD/lMMM6dN+1/cg= =n5Es -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org