On Mon, Sep 19, 2016 at 10:47 AM, Vithusha Aarabhi <vithu...@wso2.com>
> Hi All,
> I am an intern who is currently working on the project for implementing an
> LDAP connector for the Carbon 5 user core which supports StartTLS.
> StartTLS allows serializing secure and plain requests against an LDAP
> server on a single connection. An initial context is created first,
> and TLS can be initiated, followed by a TLS handshake. Any method that is
> invoked in the context will use the security layer that is negotiated. The TLS
> can be terminated without closing the underlying network connection, and
> the context can be used to communicate with the server without TLS.
> The LDAP connector to be implemented will consist of the identity
> store, which is defined with the user management operations, and the
> credential store, which manages the credentials and authentication.
> The credential store methods will use the security layer by
> initializing StartTLS. And, in the identity store, the "write methods" will
> support StartTLS, whereas the "read methods" are to be invoked as
> plain requests.
+1 for implementing credential store methods and write operations with
StartTLS. Since we do the authentication before connecting to LDAP, I think
it's ok to do the read operations without StartTLS.
Anyway, this should be enabled by a configuration; better to check the
StartTLS-enabled property before starting StartTLS.
This allows users to directly use LDAPS if they like, and if their user store
does not support StartTLS it won't cause any issues.
> If there are any suggestions for changes, please do reply and specify.
> Vithusha Aarabhi
> Intern ,Software Engineering
> WSO2, Inc.
> Lean. Enterprise. Middleware.
> Mobile: +94772069460
> Architecture mailing list
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware | wso2.com
email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile:
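The connector flow discussed in this thread, as an added Java example that is not code from the mails above or from the WSO2 project: an unauthenticated JNDI context is created first, StartTLS is negotiated only when a StartTLS-enabled property is set and the URL is plain ldap:// (an ldaps:// URL is already encrypted, so the extended operation is skipped), the credential-store bind is sent only after the handshake, and the TLS layer is removed again for plain read requests while the TCP connection stays open. The class name, the configuration keys `ConnectionURL` and `StartTLSEnabled`, the server URL and the DNs are all assumptions made for this example; running `main` needs a reachable directory server.

```java
import java.io.IOException;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

/** Hypothetical connector helper for this example; not the Carbon 5 user core API. */
public class StartTlsLdapExample {

    // Assumed configuration keys (not the project's real property names).
    static final String KEY_URL = "ConnectionURL";
    static final String KEY_STARTTLS = "StartTLSEnabled";

    private final LdapContext ctx;
    private final String url;
    private StartTlsResponse tls; // non-null only while the TLS layer is active

    private StartTlsLdapExample(LdapContext ctx, String url, StartTlsResponse tls) {
        this.ctx = ctx;
        this.url = url;
        this.tls = tls;
    }

    /**
     * Creates the initial context without credentials, then starts TLS only when
     * the StartTLSEnabled property is true and the URL is plain ldap://.
     */
    static StartTlsLdapExample open(Properties cfg) throws NamingException, IOException {
        String url = cfg.getProperty(KEY_URL);
        boolean startTlsEnabled = Boolean.parseBoolean(cfg.getProperty(KEY_STARTTLS, "false"));

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // Deliberately anonymous: a bind here would cross the wire before TLS exists.
        env.put(Context.SECURITY_AUTHENTICATION, "none");
        LdapContext ctx = new InitialLdapContext(env, null);

        StartTlsResponse tls = null;
        if (startTlsEnabled && url.startsWith("ldap://")) {
            // StartTLS extended operation, then the TLS handshake on the same socket.
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            SSLSession session = tls.negotiate();
            System.out.println("TLS negotiated: " + session.getProtocol()
                    + " / " + session.getCipherSuite());
        }
        return new StartTlsLdapExample(ctx, url, tls);
    }

    /** Credential-store bind; refused unless the connection is already protected. */
    void bind(String dn, String password) throws NamingException {
        if (tls == null && !url.startsWith("ldaps://")) {
            throw new IllegalStateException("refusing to send credentials over a plaintext connection");
        }
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
        ctx.reconnect(null); // re-binds on the existing connection with the new environment
    }

    /** Identity-store style read; works with or without the TLS layer. */
    Attributes read(String dn) throws NamingException {
        return ctx.getAttributes(dn);
    }

    /** Removes the TLS layer but keeps the TCP connection for plain requests. */
    void stopTls() throws IOException {
        if (tls != null) {
            tls.close();
            tls = null;
        }
    }

    boolean isTlsActive() {
        return tls != null;
    }

    void close() throws NamingException {
        ctx.close();
    }

    public static void main(String[] args) throws Exception {
        Properties cfg = new Properties(); // constructed sample configuration
        cfg.setProperty(KEY_URL, "ldap://ldap.example.com:389");
        cfg.setProperty(KEY_STARTTLS, "true");

        StartTlsLdapExample conn = StartTlsLdapExample.open(cfg);
        conn.bind("uid=admin,ou=system", "secret");   // credential-store operation, under TLS
        // ... write operations would run here, still under TLS ...
        conn.stopTls();                                 // back to plain requests
        Attributes attrs = conn.read("ou=users,dc=example,dc=com"); // plain read request
        System.out.println("TLS active: " + conn.isTlsActive() + ", attrs: " + attrs);
        conn.close();
    }
}
```

Two points worth keeping in a real connector: `negotiate()` validates the server certificate against the JVM trust store and, by default, checks its hostname against the host in the provider URL, so a failed handshake should be treated as a connection error rather than silently falling back to plain LDAP; and after `stopTls()` the example treats the association as unauthenticated again, so any later write should re-bind rather than rely on the identity bound under TLS.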