Okay, let's try; if it works it will be good :)

On Wed, Sep 23, 2015 at 7:02 PM, Karl Wright <[email protected]> wrote:

> The SSL connection ability of Java's LDAP library is, sadly, rather limited. I will only be able to implement a "trust everything" version of SSL because of its technical limitations. That means that we basically don't check for certificate validity in the LDAP connector, and assume all certs are OK.
>
> For a client, that's usually fine, but I wanted to mention it in case that was a blocker.
>
> Karl
>
> On Wed, Sep 23, 2015 at 9:17 AM, Naveen.A.N <[email protected]> wrote:
>
> > Hi Karl,
> >
> > I am not sure I can work on it now. I will make some tests by the end of this week and let you know.
> >
> > On Wed, Sep 23, 2015 at 4:08 PM, Karl Wright <[email protected]> wrote:
> >
> > > It looks like this is what we'll need to do to allow for SSL connections to LDAP:
> > >
> > > http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ssl.html
> > >
> > > Note that in MCF we do not permit the use of the default keystore, so we'd have to override the socket as well with a custom keystore. This requires a connection keystore, plus UI additions to support adding certificates to the connection keystore. CONNECTORS-1244.
> > >
> > > I'm happy to work on this but I probably won't get very far until the weekend.
> > >
> > > In the meantime, it would be great if you could confirm that you could connect to your LDAP using the LDAP connector modified to specify an SSL connection, with appropriate certificates added to the default Java keystore.
> > >
> > > Thanks,
> > > Karl
> > >
> > > On Wed, Sep 23, 2015 at 6:24 AM, Karl Wright <[email protected]> wrote:
> > >
> > > > I'm afraid all that the LDAP connector does is use the provided Java LDAP library to connect to LDAP. You'll have to play around with it until you can get it to work. Once you figure it out, I'd be happy to change whatever code is needed to help it work in your environment.
> > > >
> > > > I'd consider figuring out first of all how to turn on SSL/TLS, since that sounds like it could be the problem.
> > > >
> > > > Thanks,
> > > > Karl
> > > >
> > > > On Wed, Sep 23, 2015 at 2:51 AM, Naveen.A.N <[email protected]> wrote:
> > > >
> > > >> Hi Karl,
> > > >>
> > > >> Yes, I am using the LDAP Authority Connection.
> > > >> If I specify the port 636 it fails with Threw exception: 'Naming error: domainname:636; socket closed'.
> > > >>
> > > >> On Wed, Sep 23, 2015 at 11:26 AM, Karl Wright <[email protected]> wrote:
> > > >>
> > > >> > Hi Naveen,
> > > >> >
> > > >> > Can you back up a bit, and start with what connector you are using? Is this the LDAP authority? If so, you can specify the port.
> > > >> >
> > > >> > Karl
> > > >> >
> > > >> > On Tue, Sep 22, 2015 at 10:27 PM, Naveen.A.N <[email protected]> wrote:
> > > >> >
> > > >> > > Hi,
> > > >> > >
> > > >> > > When I try to connect to an LDAP server it gives me this error:
> > > >> > >
> > > >> > > *Threw exception: 'Naming error: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580]'*
> > > >> > >
> > > >> > > When I tried with ldp.exe, everything was working fine. I found that if a server uses Required signature in the LDAP server, it causes this issue. Is there any way to fix this?
> > > >> > >
> > > >> > > Is there a way to query the secured port?
> > > >> > > --
> > > >> > > Thanks and Regards,
> > > >> > > Naveen A.N
> > > >>
> > > >> --
> > > >> Thanks and Regards,
> > > >> Naveen A.N
> > > >> Lead Software Developer
> > > >> SearchBlox Software, Inc.
> > > >> www.searchblox.com
> > > >> Ph: +91 9445389179
> >
> > --
> > Thanks and Regards,
> > Naveen A.N
> > Lead Software Developer
> > SearchBlox Software, Inc.
> > www.searchblox.com
> > Ph: +91 9445389179

--
Thanks and Regards,
Naveen A.N
Lead Software Developer
SearchBlox Software, Inc.
www.searchblox.com
Ph: +91 9445389179
