Posted to commits@directory.apache.org by el...@apache.org on 2017/01/08 18:56:45 UTC

svn commit: r1777900 - /directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext

Author: elecharny
Date: Sun Jan  8 18:56:45 2017
New Revision: 1777900

URL: http://svn.apache.org/viewvc?rev=1777900&view=rev
Log:
Added some information on LDAPS

Modified:
    directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext

Modified: directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext?rev=1777900&r1=1777899&r2=1777900&view=diff
==============================================================================
--- directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext (original)
+++ directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext Sun Jan  8 18:56:45 2017
@@ -22,11 +22,12 @@ Notice: Licensed to the Apache Software
     specific language governing permissions and limitations
     under the License.
 
+
 # 5.1 - LDAPS
 
 **LDAP** supports **SSL**, it's called **LDAPS**, and it uses a dedicated port. As of today, and since 2000, **LDAPS** is deprecated and **StartTLS** should be used.
 
-That being said, many servers accept **LDAPS**, and the Apache LDAP API supports it.
+That being said, many servers accept **LDAPS**, and the **Apache LDAP API** supports it.
 
 ## How does it work ?
 
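Review bot: The blank line added before the "# 5.1 - LDAPS" heading is a whitespace-only change that leaves two consecutive blank lines after the license notice. Drop it unless the renderer needs it, so the diff carries only the bolding of **Apache LDAP API**.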
@@ -71,7 +72,8 @@ By default, the selected protocol is **T
 
 It's possible to have more control on the **SSL** configuration, and specifically to provide a specific **TrustManager** :
 
-        try ( LdapConnection connection = new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPortSSL(), new NoVerificationTrustManager() ) )
+        try ( LdapConnection connection = new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPortSSL(), 
+                new NoVerificationTrustManager() ) )
         {
             connection.bind( "uid=admin,ou=system", "secret" );
             
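Review bot: The rewrapped constructor call still presents `new NoVerificationTrustManager()` as the example of "more control on the SSL configuration", and a trust manager with that name performs no verification of the server certificate, so readers who copy this snippet get an encrypted but unauthenticated connection over which the `connection.bind( "uid=admin,ou=system", "secret" )` credentials are then sent. Since this paragraph is being touched anyway, either state next to the snippet that this trust manager is for tests only, or show the example with a TrustManager that validates the server certificate. Minor: the first added line ends with trailing whitespace after `getPortSSL(),`.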
@@ -86,7 +88,7 @@ Here, we use the _NoVerificationTrustMan
 One step further : you can define a dediated configuration that is passed to the constructor. Many parameters can be defined :
 
 * the enabled cipher suites
-* the enabled protocols
+* the enabled protocols : a list of protocals that may be used ( "SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2")
 * the KeyManager instances
 * the SecureRandom instance
 * the SSL protocol to use
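Review bot: The added "enabled protocols" bullet lists "SSLv3" alongside "TLSv1.2" as a protocol "that may be used" with no caveat. SSLv3 was prohibited by RFC 7568 in 2015, so the user guide should not offer it as an equal choice; either drop it from the list or add a sentence saying which values are recommended and that SSLv3 should stay disabled. Also fix the typo "protocals", make the spacing inside the parentheses consistent (`( "SSLv3"` vs `"TLSv1.2")`), and the unchanged context line above has "dediated" for "dedicated", which could be corrected in the same commit.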