Quick Help on LDAP to LDAPS move for MS AD

Hi There,

I have an Speing Application which uses LDAP authentication....But now I have to move it  to LDAPS secured Authentication...Could anyone help me how can I do that and what are the best procedures to be followed to achieve it...

Quick replies would be appreciated..


For Reference..This is the URL We are forming during the authentication.Please clarify should I change the port also?
ldapUrl = "ldap://" + domain.getIpAddr() + ":" + domain.getPort();

Thanks.

Sarah Jay wrote:Hi There,

I have an Speing Application which uses LDAP authentication....But now I have to move it  to LDAPS secured Authentication...Could anyone help me how can I do that and what are the best procedures to be followed to achieve it...

Quick replies would be appreciated..


For Reference..This is the URL We are forming during the authentication.Please clarify should I change the port also?
ldapUrl = "ldap://" + domain.getIpAddr() + ":" + domain.getPort();

Thanks.

I mean what are the steps involved in mograting to LDAPS....

The Well-Known Port for LDAPS is 636. But I think LDAP is one of those protocols where you can also use the non-secure port and they'll negotiate security.

Although for readability, efficiency and reduced likelihood of coding errors, I would recommend using String.format() to build the ldapUrl string instead of brute concatenation.

Tim Holloway wrote:The Well-Known Port for LDAPS is 636. But I think LDAP is one of those protocols where you can also use the non-secure port and they'll negotiate security.

Although for readability, efficiency and reduced likelihood of coding errors, I would recommend using String.format() to build the ldapUrl string instead of brute concatenation.

Hi Tim...

Thanks... Am aware of that... But my question is like how can I move from LDAP to Secure LDAps

Upgrade the LDAP server to support LDAPS. Use the "ldaps:" URL. Change port if needed. Should be all it takes.

Tim Holloway wrote:Upgrade the LDAP server to support LDAPS. Use the "ldaps:" URL. Change port if needed. Should be all it takes.

Thanks, Tim... Here  I am not hardcoding the port number either as 389 or 636 instead we are fetching it from AD Domain  Directory itself, Using a bean. So is it needed to add the SSL or any authorized certificate? or will it work without a certificate as well?