The SSL connection ability of Java's LDAP library is, sadly, rather limited. I will only be able to implement a "trust everything" version of SSL because of its technical limitations. That means that we basically don't check for certificate validity in the LDAP connector, and assume all certs are OK.
For a client, that's usually fine, but I wanted to mention it in case that was a blocker. Karl On Wed, Sep 23, 2015 at 9:17 AM, Naveen.A.N <[email protected]> wrote: > Hi Karl, > > I am not sure I can work on it now. I will make some test by end of this > week and let you know. > > On Wed, Sep 23, 2015 at 4:08 PM, Karl Wright <[email protected]> wrote: > > > It looks like this is what we'll need to do to allow for SSL connections > to > > LDAP: > > > > http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ssl.html > > > > Note that in MCF we do not permit the use of the default keystore, so > we'd > > have to override the socket as well with a custom keystore. This > requires > > a connection keystore, plus UI additions to support adding certificates > to > > the connection keystore. CONNECTORS-1244. > > > > I'm happy to work on this but I probably won't get very far until the > > weekend. > > > > In the meantime, it would be great if you could confirm that you could > > connect to your LDAP using the LDAP connector modified to specify an SSL > > connection, with appropriate certificates added to the default Java > > keystore. > > > > Thanks, > > Karl > > > > > > On Wed, Sep 23, 2015 at 6:24 AM, Karl Wright <[email protected]> wrote: > > > > > I'm afraid all that the LDAP connector does is use the provided Java > LDAP > > > library to connect to LDAP. You'll have to play around with it until > you > > > can get it to work. Once you figure it out, I'd be happy to change > > > whatever code is needed to help it work in your environment. > > > > > > I'd consider figuring out first of all how to turn on SSL/TLS, since > that > > > sounds like it could be the problem. > > > > > > Thanks, > > > Karl > > > > > > > > > On Wed, Sep 23, 2015 at 2:51 AM, Naveen.A.N <[email protected]> > > > wrote: > > > > > >> Hi Karl, > > >> > > >> Yes I am using LDAP Authority Connection . > > >> if I specify the port 636 it fails with Threw exception: 'Naming > error: > > >> domainname:636; socket closed'. > > >> > > >> On Wed, Sep 23, 2015 at 11:26 AM, Karl Wright <[email protected]> > > wrote: > > >> > > >> > Hi Naveen, > > >> > > > >> > Can you back up a bit, and start with what connector you are using? > > Is > > >> > this the LDAP authority? If so, you can specify the port. > > >> > > > >> > Karl > > >> > > > >> > > > >> > On Tue, Sep 22, 2015 at 10:27 PM, Naveen.A.N < > [email protected]> > > >> > wrote: > > >> > > > >> > > Hi, > > >> > > > > >> > > When i try to connect an LDAP server it gives me this error > > >> > > > > >> > > *Threw exception: 'Naming error: [LDAP: error code 8 - 00002028: > > >> LdapErr: > > >> > > DSID-0C090202, comment: The server requires binds to turn on > > integrity > > >> > > checking if SSL\TLS are not already active on the connection, data > > 0, > > >> > > v2580�]'* > > >> > > > > >> > > When i try to use the ldp.exe and try everything was working > fine. I > > >> > found > > >> > > that if a server uses Required signature in LDAP server it cause > > this > > >> > > issue. Is there any way to fix this? > > >> > > > > >> > > Is there a way to query the secured port? > > >> > > -- > > >> > > Thanks and Regards, > > >> > > Naveen A.N > > >> > > > > >> > > > >> > > >> > > >> > > >> -- > > >> Thanks and Regards, > > >> Naveen A.N > > >> Lead Software Developer > > >> SearchBlox Software, Inc. > > >> www.searchblox.com > > >> Ph: +91 9445389179 > > >> > > > > > > > > > > > > -- > Thanks and Regards, > Naveen A.N > Lead Software Developer > SearchBlox Software, Inc. > www.searchblox.com > Ph: +91 9445389179 >
