This week's book giveaways are in the Jython/Python and Object-Oriented programming forums.
We're giving away four copies each of Machine Learning for Business: Using Amazon SageMaker and Jupyter and Object Design Style Guide and have the authors on-line!
See this thread and this one for details.
Win a copy of Machine Learning for Business: Using Amazon SageMaker and JupyterE this week in the Jython/Python forum
or Object Design Style Guide in the Object-Oriented programming forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Paul Clapham
  • Jeanne Boyarsky
  • Knute Snortum
Sheriffs:
  • Liutauras Vilda
  • Tim Cooke
  • Junilu Lacar
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Joe Ess
  • salvin francis
  • fred rosenberger

LDAP to LDAPS

 
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Could anyone help on how to switch from LDAP to LDAPS.
I read this Article : https://docs.oracle.com/javase/tutorial/jndi/ldap/ssl.html

What I got is either we can add below piece of code and use certificate


OR we can make the changes in LDAP URL That is ldap to ldaps

as mentioned below:



And could anyone say me that will we use SSL for LDAP also..? OR we will use ssl certificates inly for SECURE LDAPS connection.

Is it enough if I change in the URL?
 
Saloon Keeper
Posts: 11189
244
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Sarah Jay wrote:And could anyone say me that will we use SSL for LDAP also..?


No. LDAP does not use SSL.

Is it enough if I change in the URL?


From the page you linked to (emphasis mine):

Instead of requesting the use of SSL via the use of the Context.SECURITY_PROTOCOL property, you can also request the use of SSL via the use of LDAPS URLs.


I think this statement leaves little open to interpretation.
 
Sarah Jay
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Instead of requesting the use of SSL via the use of the Context.SECURITY_PROTOCOL property, you can also request the use of SSL via the use of LDAPS URLs.


I think this statement leaves little open to interpretation.

Thank you so much Stephan.

So now for LDAPS we should use SSL for both ways..... Either it might be  Context.SECURITY_PROTOCOL  or For URL change.. SSL certificate is mandatory ...Correct me if am wrong.. Am little confused..

And if I have to use SSL certificates could you please give me an Idea how can I do it...As I am new to this topic I have been reading some articles but still I am not sure How to do it...


 
Stephan van Hulst
Saloon Keeper
Posts: 11189
244
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Sarah Jay wrote:So now for LDAPS we should use SSL for both ways


This assertion doesn't make a lot of sense. SSL is a bidirectional protocol. Either both sides use the same SSL connection, or neither does.

SSL certificate is mandatory


Theoretically not. The SSL spec states that both client and server certificates are optional.

In practice, pretty much all secure application layer protocols require server authentication through certificates at the socket layer. However, most servers will allow clients to connect without a client certificate. Instead, client authentication is performed at the application level (using usernames and passwords or single sign-on)

And if I have to use SSL certificates could you please give me an Idea how can I do it...


Wasn't this already explained in your other topic, regarding how to set up the domain controller? For the client side, I don't think you need certificates. If you do, you can probably find out how through the JSSE reference guide, which you can find through the page you linked to.
 
Sarah Jay
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok Thank you So much Stephan.

I will make changes without SSL with a change in LDAP to ldaps in the URL.
 
What is that? Is that a mongol hoarde? Can we fend them off with this tiny ad?
Sauce Labs - World's Largest Continuous Testing Cloud for Websites and Mobile Apps
https://coderanch.com/t/722574/Sauce-Labs-World-Largest-Continuous
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!