directory-api mailing list archives

From Kiran Ayyagari <>
Subject Re: How do I use the LDAP API with SSL/TLS
Date Tue, 21 Aug 2012 05:31:04 GMT
On Tue, Aug 21, 2012 at 5:09 AM, Nate Seeley
<> wrote:
> I would like to use the LDAP API to allow my java application to query LDAP
> over a secure connection.  I've read the docs at
> and still
> have a few questions.
> The docs say all we have to do to make the connection secure is to pass
> true as a third parameter to the LdapNetworkConnection constructor.
>     LdapConnection connection = new LdapNetworkConnection( "localhost", 636, true );
> I was wondering the following :
> 1.) How does LdapNetworkConnection know what certificates to trust? I
> assume we need to import certificates into a java keystore first, right?
> How do I tell LdapNetworkConnection what keystore to use?
> 2.) How do I verify the hostname of the server I am connecting to matches
> what is on the certificate?
for 1 & 2 you need to use a custom TrustManager (set it using
by default LdapNetworkConnection uses the default TrustManager
> 3.) Does the LDAP API support using StartTLS so that I can connect to my
> LDAP server on the unsecure port 389 and then upgrade to a TLS/SSL
> connection?
yes, call the startTls() after creating the connection
> I would appreciate any help you can offer. Thank you for your time,
> Nate
> PS. I'm using the latest version available as of today, which is 1.0.0-M12

Kiran Ayyagari
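
The custom TrustManager suggested in the reply for questions 1 and 2 could look like the following. This is an added example, not code from the thread or from the LDAP API project. The class name, keystore path and expected host name are hypothetical, and it uses only standard JDK (Java 7+) classes.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical example: validates the chain against one keystore, then checks the server name. */
public class HostCheckingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;
    private final String expectedHost;

    public HostCheckingTrustManager(String keystorePath, char[] password, String expectedHost) throws Exception {
        // Question 1: trust only the CA certificates imported into this keystore.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(keystorePath)) { ks.load(in, password); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        this.delegate = found;
        this.expectedHost = expectedHost;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType); // standard PKIX path validation first
        // Question 2: the leaf certificate must carry the host name we intended to reach.
        // Exact dNSName match only; wildcard names are rejected by this simplified check.
        Collection<List<?>> sans = chain[0].getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) { // each entry is [type, value]; type 2 is dNSName
                if (((Integer) san.get(0)) == 2 && expectedHost.equalsIgnoreCase((String) san.get(1))) return;
            }
        }
        throw new CertificateException("certificate has no dNSName SAN matching " + expectedHost);
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

In the LDAP API an instance is typically supplied through `LdapConnectionConfig.setTrustManagers(...)` and the config passed to the `LdapNetworkConnection` constructor; whether 1.0.0-M12 exposes exactly these methods is an assumption to check against its Javadoc.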
