On Tue, Aug 21, 2012 at 5:09 AM, Nate Seeley <[email protected]> wrote:
> I would like to use the LDAP API to allow my java application to query LDAP
> over a secure connection. I've read the docs at
> http://directory.apache.org/api/connection-and-disconnection.html and still
> have a few questions.
>
> The docs say all we have to do to make the connection secure is to pass
> true as a third parameter to the LdapNetworkConnection constructor.
>
> LdapConnection connection = new LdapNetworkConnection( "localhost", 636, true );
>
> I was wondering the following:
>
> 1.) How does LdapNetworkConnection know what certificates to trust? I
> assume we need to import certificates into a java keystore first, right?
> How do I tell LdapNetworkConnection what keystore to use?
> 2.) How do I verify the hostname of the server I am connecting to matches
> what is on the certificate?

For 1 & 2 you need to use a custom TrustManager (set it using LdapConnectionConfig.setTrustManagers()). By default LdapNetworkConnection uses the default TrustManager.

> 3.) Does the LDAP API support using StartTLS so that I can connect to my
> LDAP server on the unsecure port 389 and then upgrade to a TLS/SSL
> connection?

Yes, call startTls() after creating the connection.

> I would appreciate any help you can offer. Thank you for your time,
>
> Nate
>
> PS. I'm using the latest version available as of today, which is 1.0.0-M12
--
Kiran Ayyagari
http://keydap.com
