You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Marc Boorshtein <mb...@gmail.com> on 2005/09/22 12:50:23 UTC
[Servser] SSL Support?
I thought I read somewhere that apacheds supports SSL (in the ldap listener)
with Java 5, but I can't find any docs. How is this setup?
Thanks
Marc
Re: [Servser] SSL Support?
Posted by Nick Faiz <ni...@gmail.com>.
Id like to know too. I had thought it wasn't available.
Nick
On 9/22/05, Marc Boorshtein <mb...@gmail.com> wrote:
> I thought I read somewhere that apacheds supports SSL (in the ldap listener)
> with Java 5, but I can't find any docs. How is this setup?
>
> Thanks
> Marc
>
Re: [Servser] SSL Support?
Posted by Trustin Lee <tr...@gmail.com>.
ApacheDS doesn't use MINA SSL support yet. There's a tutorial in wiki that
demonstrates the usage of SSLFilter and LoggingFilter.
http://wiki.apache.org/directory/MinaTutorial
Or you could simply browse the MINA Echo protocol server example:
http://directory.apache.org/subprojects/network/getting_started.html
Trustin
2005/9/22, Marc Boorshtein <mb...@gmail.com>:
>
> It looks like MINA-111 adds support for SSL, but there are no docs on how
> to enable it.
>
> Marc
>
> On 9/22/05, Trustin Lee <tr...@gmail.com>>
> wrote:
> >
> > There's no SSL support for ApacheDS-server yet. We have to improve MINA
> > to support SASL first.
> >
> > Trustin
> >
> > 2005/9/22, Marc Boorshtein < mboorshtein@gmail.com
> > <ht...@gmail.com>>:
> > >
> > > I thought I read somewhere that apacheds supports SSL (in the ldap
> > > listener) with Java 5, but I can't find any docs. How is this setup?
> > >
> > > Thanks
> > > Marc
> > >
> >
> >
> >
> > --
> > what we call human nature is actually human habit
> > --
> > http://gleamynode.net/
>
>
>
--
what we call human nature is actually human habit
--
http://gleamynode.net/
Re: [Servser] SSL Support?
Posted by David Boreham <da...@bozemanpass.com>.
Marc Boorshtein wrote:
> It looks like MINA-111 adds support for SSL, but there are no docs on
> how to enable it.
We use SSL with ApacheDS inside the NT4 LDAP server
we ship with Fedora Directory Server. The source is open
(from memory we added one or two minor things to support
easy cert configuration). The ApacheDS/Mina code has probably
changed quite a bit since then though.
Re: [Servser] SSL Support?
Posted by Marc Boorshtein <mb...@gmail.com>.
It looks like MINA-111 adds support for SSL, but there are no docs on how to
enable it.
Marc
On 9/22/05, Trustin Lee <tr...@gmail.com> wrote:
>
> There's no SSL support for ApacheDS-server yet. We have to improve MINA to
> support SASL first.
>
> Trustin
>
> 2005/9/22, Marc Boorshtein <mboorshtein@gmail.com >:
> >
> > I thought I read somewhere that apacheds supports SSL (in the ldap
> > listener) with Java 5, but I can't find any docs. How is this setup?
> >
> > Thanks
> > Marc
> >
>
>
>
> --
> what we call human nature is actually human habit
> --
> http://gleamynode.net/
Re: [Servser] SSL Support?
Posted by Marc Boorshtein <mb...@gmail.com>.
Well, it depends on your needs. If you are going to use public key
authentication, then yes you would need SASL. However if all you want is
transport level security then you only need to enable SSL (with a key&cert).
This way users are still authenticated using simple binds but the
communications are encrypted.
Marc
On 9/22/05, Trustin Lee <tr...@gmail.com> wrote:
>
> I thought SASL is required for LDAP to authenticate user in a secure way
> and LDAPS works with SASL only. Am I misunderstanding? Let me know. I'm a
> novice in LDAP. :)
>
> Trustin
>
> 2005/9/22, Marc Boorshtein <mb...@gmail.com>:
> >
> > I'm not sure I understand why SASL support is required to support SSL.
> > Isn't SASL and application level protocol where as SSL is at lower level?
> >
> > Marc
> >
> > On 9/22/05, Trustin Lee < trustin@gmail.com<ht...@gmail.com>>
> > wrote:
> > >
> > > There's no SSL support for ApacheDS-server yet. We have to improve
> > > MINA to support SASL first.
> > >
> > > Trustin
> > >
> > > 2005/9/22, Marc Boorshtein < mboorshtein@gmail.com
> > > <ht...@gmail.com>>:
> > > >
> > > > I thought I read somewhere that apacheds supports SSL (in the ldap
> > > > listener) with Java 5, but I can't find any docs. How is this setup?
> > > >
> > > > Thanks
> > > > Marc
> > > >
> > >
> > >
> > >
> > > --
> > > what we call human nature is actually human habit
> > > --
> > > http://gleamynode.net/
> >
> >
> >
>
>
> --
> what we call human nature is actually human habit
> --
> http://gleamynode.net/
>
Re: [Servser] SSL Support?
Posted by David Boreham <da...@bozemanpass.com>.
Trustin Lee wrote:
> I thought SASL is required for LDAP to authenticate user in a secure
> way and LDAPS works with SASL only. Am I misunderstanding? Let me
> know. I'm a novice in LDAP. :)
>
Nope, SASL and SSL are orthogonal (well, nearly).
If (and only if) you want to perform cert-based authentication in
a standard way, then you need to support the SASL-EXTERNAL
mechanism. But almost nobody needs this. Basic SSL does
not depend on SASL (and in fact SASL-EXTERNAL doesn't
really depend on SASL either ;)
Re: [Servser] SSL Support?
Posted by Trustin Lee <tr...@gmail.com>.
I thought SASL is required for LDAP to authenticate user in a secure way and
LDAPS works with SASL only. Am I misunderstanding? Let me know. I'm a novice
in LDAP. :)
Trustin
2005/9/22, Marc Boorshtein <mb...@gmail.com>:
>
> I'm not sure I understand why SASL support is required to support SSL.
> Isn't SASL and application level protocol where as SSL is at lower level?
>
> Marc
>
> On 9/22/05, Trustin Lee <tr...@gmail.com>>
> wrote:
> >
> > There's no SSL support for ApacheDS-server yet. We have to improve MINA
> > to support SASL first.
> >
> > Trustin
> >
> > 2005/9/22, Marc Boorshtein < mboorshtein@gmail.com
> > <ht...@gmail.com>>:
> > >
> > > I thought I read somewhere that apacheds supports SSL (in the ldap
> > > listener) with Java 5, but I can't find any docs. How is this setup?
> > >
> > > Thanks
> > > Marc
> > >
> >
> >
> >
> > --
> > what we call human nature is actually human habit
> > --
> > http://gleamynode.net/
>
>
>
--
what we call human nature is actually human habit
--
http://gleamynode.net/
Re: [Servser] SSL Support?
Posted by Trustin Lee <tr...@gmail.com>.
There's no SSL support for ApacheDS-server yet. We have to improve MINA to
support SASL first.
Trustin
2005/9/22, Marc Boorshtein <mb...@gmail.com>:
>
> I thought I read somewhere that apacheds supports SSL (in the ldap
> listener) with Java 5, but I can't find any docs. How is this setup?
>
> Thanks
> Marc
>
--
what we call human nature is actually human habit
--
http://gleamynode.net/