Posted to commits@directory.apache.org by el...@apache.org on 2017/01/04 23:33:48 UTC

svn commit: r1777388 - /directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext

Author: elecharny
Date: Wed Jan  4 23:33:48 2017
New Revision: 1777388

URL: http://svn.apache.org/viewvc?rev=1777388&view=rev
Log:
Completed the SSL doco

Modified:
    directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext

Modified: directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext?rev=1777388&r1=1777387&r2=1777388&view=diff
==============================================================================
--- directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext (original)
+++ directory/site/trunk/content/api/user-guide/5.1-ssl.mdtext Wed Jan  4 23:33:48 2017
@@ -67,5 +67,45 @@ This is as simple as that ! The **636* p
 
 By default, the selected protocol is **TLS**, and we wont verify the server's certificate.
 
+## A more sophisticated sample
+
+It's possible to have more control on the **SSL** configuration, and specifically to provide a specific **TrustManager** :
+
+        try ( LdapConnection connection = new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPortSSL(), new NoVerificationTrustManager() ) )
+        {
+            connection.bind( "uid=admin,ou=system", "secret" );
+            
+            assertTrue( ((LdapNetworkConnection)connection).getConfig().isUseSsl() );
+            assertTrue( connection.isAuthenticated() );
+        }
+
+Here, we use the _NoVerificationTrustManager_ class, but you can define your own implementation. The **Fortress** project is using [this class](https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java).
+
+## Using a configuration
+
+One step further : you can define a dediated configuration that is passed to the constructor. Many parameters can be defined :
+
+* the enabled cipher suites
+* the enabled protocols
+* the KeyManager instances
+* the SecureRandom instance
+* the SSL protocol to use
+* the TrustManager instances
+
+All those parameters are configured using the _LdapConnectionConfig_ class :
+
+        LdapConnectionConfig sslConfig = new LdapConnectionConfig();
+        sslConfig.setLdapHost( Network.LOOPBACK_HOSTNAME );
+        sslConfig.setUseSsl( true );
+        sslConfig.setLdapPort( getLdapServer().getPortSSL() );
+        sslConfig.setTrustManagers( new NoVerificationTrustManager() );
+
+        try ( LdapConnection connection = new LdapNetworkConnection( sslConfig ) )
+        {
+            connection.bind( "uid=admin,ou=system", "secret" );
+            
+            assertTrue( ((LdapNetworkConnection)connection).getConfig().isUseSsl() );
+            assertTrue( connection.isAuthenticated() );
+        }
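Review bot: both new samples pass a NoVerificationTrustManager, which accepts any server certificate and so gives no protection against a spoofed server, but the text only says "you can define your own implementation"; the sentence after the first sample should state plainly that NoVerificationTrustManager disables server certificate validation and is meant for tests, and the "Using a configuration" sample is the natural place to show `sslConfig.setTrustManagers( ... )` wired to a trust-store-backed manager such as the Fortress LdapClientTrustStoreManager the page already links. The snippets also call `getLdapServer().getPortSSL()` and `assertTrue( ... )`, which are test-harness calls a reader of the user guide will not have; a literal port (the 636 mentioned in the context line) and a plain bind would read better. Minor: "dediated" should be "dedicated", and the unchanged context line "we wont verify" should be "we won't verify".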