Hi On Mon, Sep 19, 2016 at 10:47 AM, Vithusha Aarabhi <vithu...@wso2.com> wrote:
> Hi All, > > I am an intern who is currently working on the project for implementing a > LDAP Connector for carbon 5 User Core which supports StartTLS. > > StartTLS allows to serialize secure and plain requests against a LDAP > server on a single connection.Where, an initial context is created first > and a TLS can be initiated, followed by a TLS handshake. Any method that is > invoked in the context will use security layer that is negotiated. The TLS > can be terminated without closing the underlying network connection and > the context can be used to communicate with the server without a TLS > security. > > The LDAP connector to be implemented will be consisting the identity > store[1] which is defined with the user management operations and the > credential store[2] that manages the credentials and authentication. > > The credential store methods will be using the security layer by > initializing the StartTLS.And, in identity store, the "write methods" will > be supporting the Start TLS whereas the "read methods" are to be invoked as > plain requests. > +1 for implementing credential store methods and Write operations with StartTLS, Since we do the authentication before connecting to ldap I think its ok to do the read operations without StartTLS, Anyway this should be enabled by a configurations, better to check the StartTLS enabled property before starting StartTLS. This allow users to directly use LDAPS if they like and if their suer store does not support StartTLS it won't make any issues. Thanks, Ishara > [1]https://github.com/wso2/carbon-security/blob/master/ > components/org.wso2.carbon.security.caas/src/main/java/ > org/wso2/carbon/security/caas/user/core/store/IdentityStore.java > <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2%2Fcarbon-security%2Fblob%2Fmaster%2Fcomponents%2Forg.wso2.carbon.security.caas%2Fsrc%2Fmain%2Fjava%2Forg%2Fwso2%2Fcarbon%2Fsecurity%2Fcaas%2Fuser%2Fcore%2Fstore%2FIdentityStore.java&sa=D&sntz=1&usg=AFQjCNGHPALQiY61bk_QwCmrPPCedxdHrQ> > > [2]https://github.com/wso2/carbon-security/blob/master/ > components/org.wso2.carbon.security.caas/src/main/java/ > org/wso2/carbon/security/caas/user/core/store/CredentialStore.java > > > If there are any suggestions for changes, please do reply and specify. > > > Regards, > > Vithusha Aarabhi > Intern ,Software Engineering > WSO2, Inc. > Lean. Enterprise. Middleware. > Mobile: +94772069460 > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Ishara Karunarathna Associate Technical Lead WSO2 Inc. - lean . enterprise . middleware | wso2.com email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
