All,

For anyone who has experience with LDAP in Java, I need a little help.
I have some code connecting to an LDAP server and doing all the
wonderful things I want to do, but I'd like to customize the
SSLSocket(Factory) that gets used by the connection to e.g. limit the
cipher suites, provide client certs, a custom trust store, etc.

I've done some Googling and it looks like I can do this:

    props.put("java.naming.ldap.factory.socket",
               "com.example.CustomSSLSocketFactory" );

But that means that my CustomSSLSocketFactory class must have
hard-coded (or statically set) values for the various settings. Yuck.

The Tomcat code (for JNDIRealm) supports customization for STARTTLS,
and that appears to be able to use a custom SSLSocketFactory
*instance*. But it looks like that requires the use of STARTTLS which
I do not need. I'm working with LDAP-over-TLS.

Has anyone worked with Java's LDAP code enough to know if this is
possible and/or how to do it? I know I can fall back to a hard-coded
or statically configured SSLSocketFactory class but I'd prefer
something a little more explicitly configurable.

-chris
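One way to keep the class-name property while still configuring an instance, shown as an added example that is not part of the original message or of Tomcat's code: JNDI's LDAP provider obtains the factory by calling a static `getDefault()` on the named class, so that method can return an instance the caller stored for the current thread. The class name `ThreadLocalSSLSocketFactory` and its `set`/`clear` helpers are hypothetical.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical class (added example). Its name is the value for java.naming.ldap.factory.socket.
public class ThreadLocalSSLSocketFactory extends SSLSocketFactory {
    // Instance configured by the caller for the connection about to be opened on this thread.
    private static final ThreadLocal<ThreadLocalSSLSocketFactory> CURRENT = new ThreadLocal<>();

    private final SSLSocketFactory delegate;
    private final String[] suites;

    // ctx carries the client certs (KeyManagers) and the custom trust store (TrustManagers).
    public ThreadLocalSSLSocketFactory(SSLContext ctx, String[] suites) {
        this.delegate = ctx.getSocketFactory();
        this.suites = suites.clone();
    }

    // Usage: set(factory); try { new InitialDirContext(props); } finally { clear(); }
    public static void set(ThreadLocalSSLSocketFactory f) { CURRENT.set(f); }
    public static void clear() { CURRENT.remove(); }

    // Looked up reflectively by the LDAP provider; fails closed if nothing was set.
    public static SocketFactory getDefault() {
        ThreadLocalSSLSocketFactory f = CURRENT.get();
        if (f == null) throw new IllegalStateException("no SSLSocketFactory set for this thread");
        return f;
    }

    // Apply the cipher-suite allow-list to every socket handed back to JNDI.
    private Socket restrict(Socket s) {
        ((SSLSocket) s).setEnabledCipherSuites(suites);
        return s;
    }

    @Override public String[] getDefaultCipherSuites() { return suites.clone(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return restrict(delegate.createSocket()); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean c) throws IOException { return restrict(delegate.createSocket(s, h, p, c)); }
    @Override public Socket createSocket(String h, int p) throws IOException { return restrict(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException { return restrict(delegate.createSocket(h, p, la, lp)); }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return restrict(delegate.createSocket(a, p)); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress la, int lp) throws IOException { return restrict(delegate.createSocket(a, p, la, lp)); }
}
```

Because the instance is looked up per thread, a connection opened from a thread where `set` was not called finds no factory and fails with the `IllegalStateException` rather than silently using default TLS settings.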
