> I'm looking to do exactly what is suggested on the forum; i.e., to upgrade the connection to startTLS.
Following is a brief sketch of how to do that:

  1. Extend AuthenticatedLdapContextSource or LdapContextSource as needed.
  2. Get a handle to the underlying javax.naming.ldap.LdapContext object used for LDAP operations.
  3. tls = (StartTlsResponse) context.extendedOperation(new StartTlsRequest());
  4. tls.negotiate(); // expensive operation; use LDAP pooling if possible
  5. Perform operations with LdapContext.
  6. Restore LdapContext to pool or close it if not pooling.
  7. Before context.close() be sure to call tls.close().

As you can see it is substantial work to implement startTLS. You might consider a much simpler approach if your environment supports it. I see you're querying the AD global catalog. According to http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx, AD supports SSL connections to the GC on port 3269 under some circumstances. You might try the following just to see whether it works before going the startTLS route:

  <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="urls">
      <list>
        <value>ldaps://ad.my.org:3269/</value>
      </list>
    </property>
    <property name="baseEnvironmentProperties">
      <map>
        <entry>
          <key>
            <value>java.naming.security.protocol</value>
          </key>
          <value>ssl</value>
        </entry>
      </map>
    </property>
  </bean>

M

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
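The startTLS sketch above, written out as a plain-JNDI example (added here; it is not code from the reply or from the CAS project, and it does not extend the Spring LDAP context source classes). The server URL, bind DN, password, search base and filter are placeholder values. The ordering matters: the context is opened without credentials, TLS is negotiated, and only then are the bind credentials added, so the simple-bind password never crosses the cleartext connection; tls.close() runs before context.close(), as step 7 requires.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

/** Plain-JNDI StartTLS search: connect, upgrade to TLS, then bind and search. */
public final class StartTlsSearch {

    public static int countEntries(String url, String bindDn, String password,
                                   String base, String filter) throws Exception {
        // Open the context WITHOUT credentials: with JNDI, credentials placed in the
        // initial environment are sent in a simple bind at construction time, i.e.
        // before any TLS layer exists.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // an ldap:// URL (389, or 3268 for the GC), not ldaps://
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            // Steps 3-4 of the sketch: issue the StartTLS extended operation and negotiate.
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate(); // default SSLSocketFactory; verifies the server certificate and host name
            // Only now supply credentials; JNDI applies them to the next operation (a bind over TLS).
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            // Step 5: perform the operation over the protected connection.
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            int n = 0;
            NamingEnumeration<SearchResult> results = ctx.search(base, filter, sc);
            while (results.hasMore()) { results.next(); n++; }
            return n;
        } finally {
            // Step 7: shut the TLS layer down BEFORE closing the context.
            if (tls != null) { tls.close(); }
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values (constructed for this example); replace with your own.
        System.out.println(countEntries("ldap://ad.example.org:3268",
                "CN=svc-ldap,OU=Service Accounts,DC=example,DC=org", "placeholder-password",
                "DC=example,DC=org", "(objectClass=user)"));
    }
}
```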
