You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2017/01/04 19:09:52 UTC
svn commit: r1004155 - in /websites/staging/directory/trunk/content: ./
api/user-guide/5.1-ssl.html
Author: buildbot
Date: Wed Jan 4 19:09:52 2017
New Revision: 1004155
Log:
Staging update by buildbot for directory
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Jan 4 19:09:52 2017
@@ -1 +1 @@
-1777362
+1777365
Modified: websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html
==============================================================================
--- websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html (original)
+++ websites/staging/directory/trunk/content/api/user-guide/5.1-ssl.html Wed Jan 4 19:09:52 2017
@@ -218,27 +218,43 @@ h2:hover > .headerlink, h3:hover > .head
</tr>
<tr>
<td>3.1 (aka TLSv1)</td>
-<td>Enabled</td>
-<td>Enabled</td>
-<td>Enabled</td>
-<td>Enabled</td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
</tr>
<tr>
<td>3.2 (aka TLSv1.1</td>
<td>Disabled</td>
-<td>Enabled</td>
-<td>Enabled</td>
-<td>Enabled</td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
</tr>
<tr>
<td>3.3 (aka TLSv1.2)</td>
<td>Disabled</td>
-<td>Enabled</td>
-<td>Enabled</td>
-<td>Enabled</td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
+<td><strong>Enabled</strong></td>
</tr>
</tbody>
</table>
+<p>(<em>Disabled</em> mean it's not active by default, and must be activated explicitely).</p>
+<p>The default is for Java to pick the one that fits, assuming that it will always start with the newest version (<strong>TLSv1.2</strong>).</p>
+<p>Still, you can enforce the version if needed.</p>
+<h2 id="a-quick-primer">A quick primer<a class="headerlink" href="#a-quick-primer" title="Permanent link">¶</a></h2>
+<p>Here is all what you need to get a <strong>LDAPS</strong> connection established with a server :</p>
+<div class="codehilite"><pre> <span class="k">try</span> <span class="p">(</span> <span class="n">LdapConnection</span> <span class="n">connection</span> <span class="p">=</span> <span class="n">new</span> <span class="n">LdapNetworkConnection</span><span class="p">(</span> "<span class="n">server</span><span class="o">-</span><span class="n">name</span>"<span class="p">,</span> 636<span class="p">,</span> <span class="n">true</span> <span class="p">)</span> <span class="p">)</span>
+ <span class="p">{</span>
+ <span class="n">connection</span><span class="p">.</span><span class="n">bind</span><span class="p">(</span> "<span class="n">uid</span><span class="p">=</span><span class="n">admin</span><span class="p">,</span><span class="n">ou</span><span class="p">=</span><span class="n">system</span>"<span class="p">,</span> "<span class="n">secret</span>" <span class="p">);</span>
+
+ <span class="n">assertTrue</span><span class="p">(</span> <span class="n">connection</span><span class="p">.</span><span class="n">isAuthenticated</span><span class="p">()</span> <span class="p">);</span>
+ <span class="p">}</span>
+</pre></div>
+
+
+<p>This is as simple as that ! The <strong>636* port is the default </strong>LDAPS<strong> port for standard </strong>LDAP<strong> servers, when running as </strong>root<strong>, and for </strong>ApacheDS<strong> you will have to pick </strong>10636<strong>. The </strong>true** flag is set to secure the connection. You don't need to close the connection, it will be done automatically when exiting the try{...} block.</p>
+<p>By default, the selected protocol is <strong>TLS</strong>, and we wont verify the server's certificate.</p>
<div class="nav">