On 2020-01-09 at 01:34, Christopher Schultz wrote:

All,

For anyone who has experience with LDAP in Java, I need a little help.
I have some code connecting to an LDAP server and doing all the
wonderful things I want to do, but I'd like to customize the
SSLSocket(Factory) that gets used by the connection to e.g. limit the
cipher suites, provide client certs, a custom trust store, etc.

I've done some Googling and it looks like I can do this:

     props.put("java.naming.ldap.factory.socket",
               "com.example.CustomSSLSocketFactory");

But that means that my CustomSSLSocketFactory class must have
hard-coded (or statically set) values for the various settings. Yuck.

The Tomcat code (for JNDIRealm) supports customization for STARTTLS,
and that appears to be able to use a custom SSLSocketFactory
*instance*. But it looks like that requires the use of STARTTLS which
I do not need. I'm working with LDAP-over-TLS.

Has anyone worked with Java's LDAP code enough to know if this is
possible and/or how to do it? I know I can fall back to a hard-coded
or statically-configured SSLSocketFactory class but I'd prefer
something a little more explicitly configurable.

Chris,

STARTTLS != LDAPS. STARTTLS is an LDAPv3 extension with its own OID. The client requests this in-band and the server, if supported, switches to it.

Please clarify why you are mixing a custom socket with STARTTLS?
Do you want to customize the socket or modify the STARTTLS negotiation?

Michael
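An added example for the LDAPS case Chris describes (not code from this thread, from Tomcat's JNDIRealm, or from the JDK): the JDK's LDAP provider loads the class named in java.naming.ldap.factory.socket and calls its static getDefault() by reflection, so that method can hand back an instance that the calling thread configured just before creating the InitialDirContext, instead of values hard-coded in the class. The class name, configure()/clear(), and the thread-local handover are my own choices.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Named in java.naming.ldap.factory.socket; JNDI calls getDefault() reflectively. */
public class ConfigurableLdapSslSocketFactory extends SSLSocketFactory {
    // Hypothetical handover: the thread that is about to open the context sets this first.
    private static final ThreadLocal<SSLSocketFactory> CONFIGURED = new ThreadLocal<>();

    /** ctx carries the trust store / client cert; cipherSuites may be empty to keep JSSE defaults. */
    public static void configure(SSLContext ctx, String... cipherSuites) {
        CONFIGURED.set(new ConfigurableLdapSslSocketFactory(ctx.getSocketFactory(), cipherSuites));
    }
    public static void clear() { CONFIGURED.remove(); }

    /** Entry point used by com.sun.jndi.ldap: fail loudly rather than fall back to defaults. */
    public static SSLSocketFactory getDefault() {
        SSLSocketFactory f = CONFIGURED.get();
        if (f == null) throw new IllegalStateException("configure() not called on this thread");
        return f;
    }

    private final SSLSocketFactory delegate;
    private final String[] ciphers;
    private ConfigurableLdapSslSocketFactory(SSLSocketFactory d, String[] c) { delegate = d; ciphers = c; }

    /** Restrict cipher suites and request LDAPS hostname verification on every socket handed out. */
    private Socket restrict(Socket s) {
        SSLSocket ssl = (SSLSocket) s;
        if (ciphers != null && ciphers.length > 0) ssl.setEnabledCipherSuites(ciphers);
        SSLParameters p = ssl.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("LDAPS"); // recent JDKs set this for ldaps:// too; harmless to repeat
        ssl.setSSLParameters(p);
        return ssl;
    }

    @Override public String[] getDefaultCipherSuites() { return ciphers.length > 0 ? ciphers.clone() : delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket() throws IOException { return restrict(delegate.createSocket()); }
    @Override public Socket createSocket(String h, int p) throws IOException { return restrict(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress lh, int lp) throws IOException { return restrict(delegate.createSocket(h, p, lh, lp)); }
    @Override public Socket createSocket(InetAddress h, int p) throws IOException { return restrict(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(InetAddress h, int p, InetAddress lh, int lp) throws IOException { return restrict(delegate.createSocket(h, p, lh, lp)); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean autoClose) throws IOException { return restrict(delegate.createSocket(s, h, p, autoClose)); }
}
```

Usage on the connecting thread: call configure(sslContext, "TLS_AES_256_GCM_SHA384") with an SSLContext built from the desired trust store and key store, put ConfigurableLdapSslSocketFactory.class.getName() under java.naming.ldap.factory.socket with an ldaps:// provider URL, create the InitialDirContext, then call clear() in a finally block so the thread does not retain the context.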
