On Fri, Mar 13, 2015 at 8:28 PM, Marc Boorshtein <[email protected]> wrote:
>
>
>
>>> Well that's untrue. The certificate can be used for user mapping,
>>> authorization, etc. This is VERY common in the HTTP world. In a servlet
>>> you can get the certificate, DN, etc from the request object.
>>>
>>> not the case in LDAP, AFAIK
>>
>
> OK well if it wasn't the case I wouldn't have folks asking for it :-)
>

never heard of such requirement before, curious about the use case though

>
>
>> That being said, I have extended the server (
>>> http://sourceforge.net/p/myvd/code/HEAD/tree/trunk/MyVD/src/main/java/org/apache/directory/server/ldap/LdapServer.java)
>>> mainly so I can do custom SSL implementations so I can easily create a
>>> custom trust manager. The question becomes how can I associate the cert I
>>> get from the trust manager to an LDAP session? Neither the trust manager
>>> nor the keystore actually has that context.
>>>
>>> likewise you need to extend the LdapSession class as well and inject the
>> cert after authentication,
>> but to get the actual certificate to inject you need support from MINA.
>>
>> Modifying the SslFilter should be the right place to pin certificate as a
>> property in IoSession instance
>>
>
> That's a great starting point. Thanks
>
>

--
Kiran Ayyagari
http://keydap.com
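
The idea discussed in this message, pinning the TLS client certificate as a property on the MINA `IoSession`, shown as an added example that is not part of the original thread and is not ApacheDS or MINA project code. It assumes MINA 2.0.x, where `SslFilter` keeps the JSSE session under `SslFilter.SSL_SESSION`; the class `ClientCertPinningFilter` and the `CLIENT_CERT` key are hypothetical names.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.AttributeKey;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;

/** Hypothetical filter, placed after the SslFilter in the chain. */
public class ClientCertPinningFilter extends IoFilterAdapter {

    /** Hypothetical key that later code (e.g. an LdapSession subclass) reads. */
    public static final AttributeKey CLIENT_CERT =
            new AttributeKey(ClientCertPinningFilter.class, "clientCert");

    @Override
    public void messageReceived(NextFilter next, IoSession session, Object message)
            throws Exception {
        // Decrypted data only reaches this filter once the handshake has finished,
        // so the trust manager has already accepted or rejected the chain.
        if (!session.containsAttribute(CLIENT_CERT)) {
            pin(session);
        }
        next.messageReceived(session, message);
    }

    private static void pin(IoSession session) {
        // Assumption: MINA 2.0.x stores the JSSE session under this attribute.
        SSLSession tls = (SSLSession) session.getAttribute(SslFilter.SSL_SESSION);
        if (tls == null) {
            return; // plain LDAP, or StartTLS not negotiated yet
        }
        try {
            Certificate[] chain = tls.getPeerCertificates();
            if (chain.length > 0 && chain[0] instanceof X509Certificate) {
                session.setAttribute(CLIENT_CERT, (X509Certificate) chain[0]);
            }
        } catch (SSLPeerUnverifiedException e) {
            // Client auth was optional and no certificate was sent: leave unset.
        }
    }

    /** Returns the pinned leaf certificate, or null if the client presented none. */
    public static X509Certificate clientCert(IoSession session) {
        return (X509Certificate) session.getAttribute(CLIENT_CERT);
    }
}
```

The pinned certificate is only as trustworthy as the trust manager that validated the handshake, so authorization code should treat a null result as an unauthenticated connection.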
