On Sat, Nov 16, 2013 at 4:51 PM, Daniel Fisher <[email protected]> wrote:
> On Sat, Nov 16, 2013 at 9:24 AM, Michael Moorman <[email protected]> wrote:
>
> > I looked into it and it seems that someone has already requested this
> > feature in 2011: https://issues.apache.org/jira/browse/DIRSTUDIO-743
> >
> > Is there any interest in enhancing the API to support client certificate
> > authentication? It seems like the server project will eventually implement
> > it. I'd wager that there are many others like me out there who use the
> > directory API to connect to non-Apache Directory LDAP servers - not by
> > choice, mind you :-)
>
> If you're talking about TLS client authentication, the API supports this:
>
> http://directory.apache.org/api/gen-docs/latest/apidocs/org/apache/directory/ldap/client/api/LdapConnectionConfig.html#setKeyManagers(javax.net.ssl.KeyManager[])

This only validates the server, but the server needs a way to verify the client's certificate, which is not supported right now.

> If you're referring to SASL external binds, there is an open issue for
> this:
> https://issues.apache.org/jira/browse/DIRAPI-105
>
> --Daniel Fisher

--
Kiran Ayyagari
http://keydap.com
