• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Devaka Cooray
  • Ron McLeod
  • Jeanne Boyarsky
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Carey Brown
  • Tim Holloway
Bartenders:
  • Martijn Verburg
  • Frits Walraven
  • Himai Minh

LDAP to LDAPS

 
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Could anyone help on how to switch from LDAP to LDAPS.
I read this Article : https://docs.oracle.com/javase/tutorial/jndi/ldap/ssl.html

What I got is either we can add below piece of code and use certificate


OR we can make the changes in LDAP URL That is ldap to ldaps

as mentioned below:



And could anyone say me that will we use SSL for LDAP also..? OR we will use ssl certificates inly for SECURE LDAPS connection.

Is it enough if I change in the URL?
 
Saloon Keeper
Posts: 14499
325
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Sarah Jay wrote:And could anyone say me that will we use SSL for LDAP also..?


No. LDAP does not use SSL.

Is it enough if I change in the URL?


From the page you linked to (emphasis mine):

Instead of requesting the use of SSL via the use of the Context.SECURITY_PROTOCOL property, you can also request the use of SSL via the use of LDAPS URLs.


I think this statement leaves little open to interpretation.
 
Sarah Jay
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Instead of requesting the use of SSL via the use of the Context.SECURITY_PROTOCOL property, you can also request the use of SSL via the use of LDAPS URLs.


I think this statement leaves little open to interpretation.

Thank you so much Stephan.

So now for LDAPS we should use SSL for both ways..... Either it might be  Context.SECURITY_PROTOCOL  or For URL change.. SSL certificate is mandatory ...Correct me if am wrong.. Am little confused..

And if I have to use SSL certificates could you please give me an Idea how can I do it...As I am new to this topic I have been reading some articles but still I am not sure How to do it...


 
Stephan van Hulst
Saloon Keeper
Posts: 14499
325
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Sarah Jay wrote:So now for LDAPS we should use SSL for both ways


This assertion doesn't make a lot of sense. SSL is a bidirectional protocol. Either both sides use the same SSL connection, or neither does.

SSL certificate is mandatory


Theoretically not. The SSL spec states that both client and server certificates are optional.

In practice, pretty much all secure application layer protocols require server authentication through certificates at the socket layer. However, most servers will allow clients to connect without a client certificate. Instead, client authentication is performed at the application level (using usernames and passwords or single sign-on)

And if I have to use SSL certificates could you please give me an Idea how can I do it...


Wasn't this already explained in your other topic, regarding how to set up the domain controller? For the client side, I don't think you need certificates. If you do, you can probably find out how through the JSSE reference guide, which you can find through the page you linked to.
 
Sarah Jay
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok Thank you So much Stephan.

I will make changes without SSL with a change in LDAP to ldaps in the URL.
 
Fire me boy! Cool, soothing, shameless self promotion:
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic