>> Well that's untrue. The certificate can be used for user mapping,
>> authorization, etc. This is VERY common in the HTTP world. In a servlet
>> you can get the certificate, DN, etc from the request object.
>>
>> not the case in LDAP, AFAIK
>
OK well if it wasn't the case I wouldn't have folks asking for it :-)
> That being said, I have extended the server (
>> http://sourceforge.net/p/myvd/code/HEAD/tree/trunk/MyVD/src/main/java/org/apache/directory/server/ldap/LdapServer.java)
>> mainly so I can do custom SSL implementations so I can easily create a
>> custom trust manager. The question becomes how can I associate the cert I
>> get from the trust manager to an LDAP session? Neither the trust manager
>> nor the keystore actually has that context.
>>
>> likewise you need to extend the LdapSession class as well and inject the
> cert after authentication,
> but to get the actual certificate to inject you need support from MINA.
>
> Modifying the SslFilter should be the right place to pin certificate as a
> property in IoSession instance
>
That's a great starting point. Thanks
