[ 
https://issues.apache.org/jira/browse/DIRAPI-40?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12994222#comment-12994222
 ] 

Pierre-Arnaud Marcelot commented on DIRAPI-40:
----------------------------------------------

> More specifically, the use of LDAPS should be marked as deprecated. StartTLS 
> is the way to go. 

Yep, I agree. Maybe we should tweak the Javadocs to indicate this.

> The way to get it working is probably to replace the useSSL flag when we 
> create the connection, to instead use the startTLS extended request to 
> establish a secure connection. 
>
> I'm quite sure that every server supports StartTLS these days, so there is no 
> reason to not use that in any case. I'm even wondering if we should not use 
> StartTLS even when the user requires 'ldaps'...

There would be a big problem here because the port specified for the connection 
would be the LDAPS port (if the user specifically selected it) and we don't 
have any idea of the port for the LDAP (non-SSL) connection.
Furthermore, as an API, I think we should behave the way the user wants. If he 
asks for LDAPS and even if it's deprecated and StartTLS is better and supported 
by his server, we should do LDAPS...


> LdapNetworkConnection should throw an exception when startTls() method is 
> called and the LdapConnectionConfig has the 'useSsl' flag set to true
> -----------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DIRAPI-40
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-40
>             Project: Directory Client API
>          Issue Type: Improvement
>    Affects Versions: 1.0-M1
>            Reporter: Pierre-Arnaud Marcelot
>             Fix For: 1.0-M2
>
>
> LdapNetworkConnection should throw an exception when startTls() method is 
> called and the LdapConnectionConfig has the 'useSsl' flag set to true.
> I got an error when using the LDAP API inside Studio where I had set the 
> 'useSsl' flag to true and was then trying to use the Start TLS extended 
> operation.
> Sure, it was a mistake on my side and the server was not receiving the 
> expected bits of information, but it would be nice if the connection could 
> warn the user about his wrong configuration.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
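
The fail-fast check requested in the issue, sketched as an added example: it is not code from this message or from the Apache Directory LDAP API, and the `Config` and `Connection` classes are hypothetical stand-ins that model state only. The guard rejects the conflicting call and leaves the configured host and port untouched, since the client cannot know the server's non-SSL port.

```java
// Added illustration: hypothetical stand-in classes, not Apache Directory LDAP API source.
public class TlsModeGuardExample {
    /** Connection settings; useSsl=true means LDAPS (TLS handshake before any LDAP message). */
    static final class Config {
        final String host;
        final int port;
        final boolean useSsl;
        Config(String host, int port, boolean useSsl) {
            this.host = host;
            this.port = port;
            this.useSsl = useSsl;
        }
    }

    /** Models connection state only; no network I/O is performed. */
    static final class Connection {
        private final Config config;
        private boolean tlsStarted;
        Connection(Config config) {
            this.config = config;
        }

        /** Models the StartTLS extended operation on a connection opened in clear text. */
        void startTls() {
            if (config.useSsl) {
                // Channel is already TLS from the first byte: fail fast, send nothing.
                throw new IllegalStateException("startTls() called with useSsl=true for "
                    + config.host + ":" + config.port + "; use LDAPS or StartTLS, not both");
            }
            tlsStarted = true; // a real client sends the extended request, then handshakes
        }
        boolean isSecured() {
            return config.useSsl || tlsStarted;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; 389 and 636 are the conventional LDAP and LDAPS ports.
        Connection plain = new Connection(new Config("ldap.example.org", 389, false));
        plain.startTls();
        System.out.println("plain + StartTLS, secured=" + plain.isSecured());
        Connection ldaps = new Connection(new Config("ldap.example.org", 636, true));
        try {
            ldaps.startTls();
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```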

        
