Hi Naveen, I've created a branch, branches/CONNECTORS-1244, that has a significantly modified LDAP authority in it.
This LDAP authority supports four different protocols: plain LDAP, LDAP with ssl, LDAP with tls, and LDAP with both ssl and tls. Please check out the branch and exercise it in your environment. If you use any of the new protocols, you will also need to add appropriate x509 certificates to the connection's trust store in order for them to not fail. I'd like to integrate this back to trunk as soon as possible, so please let me know how things are going, and also which protocol you wound up using. Thanks, Karl On Wed, Sep 23, 2015 at 10:04 AM, Naveen.A.N <[email protected]> wrote: > Okay, Lets try if it works it will be good :) > > On Wed, Sep 23, 2015 at 7:02 PM, Karl Wright <[email protected]> wrote: > > > The SSL connection ability of Java's LDAP library is, sadly, rather > > limited. I will only be able to implement a "trust everything" version > of > > SSL because of its technical limitations. That means that we basically > > don't check for certificate validity in the LDAP connector, and assume > all > > certs are OK. > > > > For a client, that's usually fine, but I wanted to mention it in case > that > > was a blocker. > > > > Karl > > > > > > On Wed, Sep 23, 2015 at 9:17 AM, Naveen.A.N <[email protected]> > > wrote: > > > > > Hi Karl, > > > > > > I am not sure I can work on it now. I will make some test by end of > this > > > week and let you know. > > > > > > On Wed, Sep 23, 2015 at 4:08 PM, Karl Wright <[email protected]> > wrote: > > > > > > > It looks like this is what we'll need to do to allow for SSL > > connections > > > to > > > > LDAP: > > > > > > > > http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ssl.html > > > > > > > > Note that in MCF we do not permit the use of the default keystore, so > > > we'd > > > > have to override the socket as well with a custom keystore. This > > > requires > > > > a connection keystore, plus UI additions to support adding > certificates > > > to > > > > the connection keystore. CONNECTORS-1244. > > > > > > > > I'm happy to work on this but I probably won't get very far until the > > > > weekend. > > > > > > > > In the meantime, it would be great if you could confirm that you > could > > > > connect to your LDAP using the LDAP connector modified to specify an > > SSL > > > > connection, with appropriate certificates added to the default Java > > > > keystore. > > > > > > > > Thanks, > > > > Karl > > > > > > > > > > > > On Wed, Sep 23, 2015 at 6:24 AM, Karl Wright <[email protected]> > > wrote: > > > > > > > > > I'm afraid all that the LDAP connector does is use the provided > Java > > > LDAP > > > > > library to connect to LDAP. You'll have to play around with it > until > > > you > > > > > can get it to work. Once you figure it out, I'd be happy to change > > > > > whatever code is needed to help it work in your environment. > > > > > > > > > > I'd consider figuring out first of all how to turn on SSL/TLS, > since > > > that > > > > > sounds like it could be the problem. > > > > > > > > > > Thanks, > > > > > Karl > > > > > > > > > > > > > > > On Wed, Sep 23, 2015 at 2:51 AM, Naveen.A.N < > [email protected]> > > > > > wrote: > > > > > > > > > >> Hi Karl, > > > > >> > > > > >> Yes I am using LDAP Authority Connection . > > > > >> if I specify the port 636 it fails with Threw exception: 'Naming > > > error: > > > > >> domainname:636; socket closed'. > > > > >> > > > > >> On Wed, Sep 23, 2015 at 11:26 AM, Karl Wright <[email protected] > > > > > > wrote: > > > > >> > > > > >> > Hi Naveen, > > > > >> > > > > > >> > Can you back up a bit, and start with what connector you are > > using? > > > > Is > > > > >> > this the LDAP authority? If so, you can specify the port. > > > > >> > > > > > >> > Karl > > > > >> > > > > > >> > > > > > >> > On Tue, Sep 22, 2015 at 10:27 PM, Naveen.A.N < > > > [email protected]> > > > > >> > wrote: > > > > >> > > > > > >> > > Hi, > > > > >> > > > > > > >> > > When i try to connect an LDAP server it gives me this error > > > > >> > > > > > > >> > > *Threw exception: 'Naming error: [LDAP: error code 8 - > 00002028: > > > > >> LdapErr: > > > > >> > > DSID-0C090202, comment: The server requires binds to turn on > > > > integrity > > > > >> > > checking if SSL\TLS are not already active on the connection, > > data > > > > 0, > > > > >> > > v2580�]'* > > > > >> > > > > > > >> > > When i try to use the ldp.exe and try everything was working > > > fine. I > > > > >> > found > > > > >> > > that if a server uses Required signature in LDAP server it > cause > > > > this > > > > >> > > issue. Is there any way to fix this? > > > > >> > > > > > > >> > > Is there a way to query the secured port? > > > > >> > > -- > > > > >> > > Thanks and Regards, > > > > >> > > Naveen A.N > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> -- > > > > >> Thanks and Regards, > > > > >> Naveen A.N > > > > >> Lead Software Developer > > > > >> SearchBlox Software, Inc. > > > > >> www.searchblox.com > > > > >> Ph: +91 9445389179 > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > Thanks and Regards, > > > Naveen A.N > > > Lead Software Developer > > > SearchBlox Software, Inc. > > > www.searchblox.com > > > Ph: +91 9445389179 > > > > > > > > > -- > Thanks and Regards, > Naveen A.N > Lead Software Developer > SearchBlox Software, Inc. > www.searchblox.com > Ph: +91 9445389179 >
