Posted to commits@directory.apache.org by el...@apache.org on 2017/01/08 18:56:45 UTC
svn commit: r1777900 - /directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext
Author: elecharny
Date: Sun Jan 8 18:56:45 2017
New Revision: 1777900
URL: http://svn.apache.org/viewvc?rev=1777900&view=rev
Log:
Added some information on LDAPS
Modified:
directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext
Modified: directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext?rev=1777900&r1=1777899&r2=1777900&view=diff
==============================================================================
--- directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext (original)
+++ directory/site/trunk/content/api/user-guide/5.1-ldaps.mdtext Sun Jan 8 18:56:45 2017
@@ -22,11 +22,12 @@ Notice: Licensed to the Apache Software
specific language governing permissions and limitations
under the License.
+
# 5.1 - LDAPS
**LDAP** supports **SSL**, it's called **LDAPS**, and it uses a dedicated port. As of today, and since 2000, **LDAPS** is deprecated and **StartTLS** should be used.
-That being said, many servers accept **LDAPS**, and the Apache LDAP API supports it.
+That being said, many servers accept **LDAPS**, and the **Apache LDAP API** supports it.
## How does it work ?
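Review bot: The paragraph around the changed line tells readers that LDAPS is deprecated and that StartTLS should be used, then moves straight on to how LDAPS works without saying where StartTLS is covered. While this paragraph is being edited, point to the StartTLS section of the user guide (if one exists) so the recommended option is one click away. The first sentence is also a comma splice ("**LDAP** supports **SSL**, it's called **LDAPS**, and it uses ...") and could be split in two.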
@@ -71,7 +72,8 @@ By default, the selected protocol is **T
It's possible to have more control on the **SSL** configuration, and specifically to provide a specific **TrustManager** :
- try ( LdapConnection connection = new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPortSSL(), new NoVerificationTrustManager() ) )
+ try ( LdapConnection connection = new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPortSSL(),
+ new NoVerificationTrustManager() ) )
{
connection.bind( "uid=admin,ou=system", "secret" );
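Review bot: The rewrapped constructor call passes new NoVerificationTrustManager() and the sample then binds as "uid=admin,ou=system" with a password, so the admin credentials are sent to a server whose certificate was never checked. Since this line is being touched anyway, add a comment inside the sample stating that this trust manager accepts any certificate and is meant for tests only, instead of relying on the paragraph that follows ("Here, we use the _NoVerificationTrustMan..."), because code samples get copied without the surrounding text. The continuation line would also read better aligned under the first constructor argument.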
@@ -86,7 +88,7 @@ Here, we use the _NoVerificationTrustMan
One step further : you can define a dediated configuration that is passed to the constructor. Many parameters can be defined :
* the enabled cipher suites
-* the enabled protocols
+* the enabled protocols : a list of protocals that may be used ( "SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2")
* the KeyManager instances
* the SecureRandom instance
* the SSL protocol to use
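Review bot: The new "enabled protocols" bullet lists "SSLv3" next to the TLS versions with no indication that it should not be enabled; SSLv3 is prohibited by RFC 7568, so either drop it from the list or mark it as insecure and recommend "TLSv1.2" from the same list. The added line also has a typo ("protocals") and uneven spacing inside the parentheses, and the context line above it still reads "dediated". It would help to say how this list differs from the last bullet, "the SSL protocol to use", since the two read as the same setting.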