Thank you for your advice. Unfortunately, I did not succeed in connecting through port 3269 of the AD.
Using nmap, I can see that this port is open on the AD server. On the other hand, I saw in the CAS User Manual that my "JVM needs to trust the certificate of my enabled LDAP server". I asked the administrator of the AD server to send me the certificate so I can add it to my JVM trust store, but he has not answered. Am I wrong to wait for him? Is there a way to obtain that certificate myself and test the ldaps connection again? Finally, the numerous startTLS steps make me wish I could use the ldaps way.

Best regards
-Stéphanie

2009/8/5 Marvin Addison <[email protected]>

> > I'm looking to do
> > exactly what is suggested on the forum; i.e., to upgrade the connection
> > to startTLS.
>
> Following is a brief sketch of how to do that:
> 1. Extend AuthenticatedLdapContextSource or LdapContextSource as needed
> 2. Get a handle to the underlying javax.naming.ldap.LdapContext
>    object used for LDAP operations
> 3. tls = (StartTlsResponse) context.extendedOperation(new StartTlsRequest());
> 4. tls.negotiate(); // expensive operation; use LDAP pooling if possible
> 5. Perform operations with LdapContext
> 6. Restore LdapContext to pool or close it if not pooling.
> 7. Before context.close() be sure to call tls.close().
>
> As you can see it is substantial work to implement startTLS. You
> might consider a much simpler approach if your environment supports
> it. I see you're querying the AD global catalog. According to
> http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx, AD
> supports SSL connections to the GC on port 3269 under some
> circumstances.
>
> You might try the following just to see whether it works before going
> the startTLS route:
>
> <bean id="contextSource"
>       class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>   <property name="urls">
>     <list>
>       <value>ldaps://ad.my.org:3269/</value>
>     </list>
>   </property>
>   <property name="baseEnvironmentProperties">
>     <map>
>       <entry>
>         <key>
>           <value>java.naming.security.protocol</value>
>         </key>
>         <value>ssl</value>
>       </entry>
>     </map>
>   </property>
> </bean>
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

--
- Stéphanie Lanthier
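The seven startTLS steps sketched in the quoted message, carried through in plain JNDI as an added example (this is not code from the thread, from CAS or from Spring LDAP). The URL, bind DN, base DN and user name are hypothetical placeholders. The point worth seeing in code is the ordering: no credentials are sent until negotiate() has succeeded, negotiate() is where the JVM trust store rejects an untrusted AD certificate, and tls.close() runs before ctx.close().

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public final class StartTlsSearch {
    // Hypothetical placeholders: replace with your directory's URL, bind DN and base DN.
    private static final String URL = "ldap://ad.example.org:389/";
    private static final String BIND_DN = "cn=svc-cas,ou=Service Accounts,dc=example,dc=org";
    private static final String BASE_DN = "dc=example,dc=org";

    // Counts entries whose sAMAccountName equals 'user', searched over a StartTLS-upgraded connection.
    public static int countUser(String user, String bindPassword) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        // Step 2: open a plaintext, anonymous context; nothing secret goes on the wire yet.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            // Step 3: ask the server to upgrade this connection to TLS.
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // Step 4: handshake; the AD certificate is validated against the JVM trust store here.
            tls.negotiate();
            // Bind on the now-encrypted connection (JNDI re-binds on the next operation).
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, BIND_DN);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, bindPassword);
            // Step 5: perform the LDAP operation; {0} is escaped by JNDI, so 'user' cannot break the filter.
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"sAMAccountName"});
            int hits = 0;
            NamingEnumeration<SearchResult> results =
                    ctx.search(BASE_DN, "(sAMAccountName={0})", new Object[] {user}, sc);
            while (results.hasMore()) { results.next(); hits++; }
            results.close();
            return hits;
        } finally {
            // Step 7 before step 6: shut TLS down, then close the context (or return it to the pool).
            if (tls != null) tls.close();
            ctx.close();
        }
    }
}
```

If negotiate() throws an SSL handshake exception, the AD certificate's issuer is not in the JVM trust store, which is the same trust problem an ldaps:// URL on port 3269 would hit.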
