TLS and setupAuthenticatedEnvironment

    #16
    TLS, SASL, External

    Hi Veena,

    Like I said in my earlier post, I am contacting the LDAP server only for authenticating the user against the domain (Novell, in my case). I need to employ SASL EXTERNAL mechanism over TLS to perform authentication of a user authorized to interact with Novell for this purpose alone (ldapuser, in my case).

    Here is an example from the Novell LDAP for Java code libraries:
    Code:
            import java.security.Security;

            import com.novell.ldap.LDAPConnection;
            import com.novell.ldap.LDAPException;
            import com.novell.ldap.LDAPJSSESecureSocketFactory;

            public class SslExternalBind {
                public static void main(String[] args) {
                    int ldapVersion   = LDAPConnection.LDAP_V3;
                    String ldapHost   = "ldap.server.address";
                    int ldapSSLPort   = 636;
                    // trust store holding the LDAP server's CA certificate
                    String tStore     = "C:/servercacerts";
                    String tStorePass = "servercertspwd";
                    // PKCS#12 store holding ldapuser's client certificate and private key
                    String kStore     = "C:/ldapuser-certificate.PFX";
                    String kStorePass = "ldapuserpwd";
                    String kStoreType = "PKCS12";
                    String[] mechanism = {"EXTERNAL"};

                    // JSSE reads these JVM-wide properties when the secure socket factory is created
                    System.setProperty("javax.net.ssl.trustStore", tStore);
                    System.setProperty("javax.net.ssl.trustStorePassword", tStorePass);
                    System.setProperty("javax.net.ssl.keyStore", kStore);
                    System.setProperty("javax.net.ssl.keyStorePassword", kStorePass);
                    System.setProperty("javax.net.ssl.keyStoreType", kStoreType);

                    LDAPJSSESecureSocketFactory ssf = new LDAPJSSESecureSocketFactory();
                    LDAPConnection conn = new LDAPConnection(ssf);

                    // register Novell's SASL client provider so the EXTERNAL mechanism can be resolved
                    try {
                        Security.addProvider(new com.novell.sasl.client.SaslProvider());
                    } catch (Exception e) {
                        System.err.println("Error loading security provider (" + e.getMessage() + ")");
                    }

                    try {
                        conn.connect(ldapHost, ldapSSLPort);
                        // SASL bind with no DN and no authzid: the server derives the identity
                        // from the client certificate presented during the TLS handshake
                        conn.bind((String) null, (String) null, mechanism, null, (Object) null);

                        System.out.println(conn.isBound()
                            ? "\n\tAuthenticated to the server ( sslExternal bind )\n"
                            : "\n\tNot authenticated to the server\n");

                        // disconnect from the server
                        conn.disconnect();
                    } catch (LDAPException e) {
                        System.out.println("Error: " + e.toString());
                    }
                }
            }
    This is why I was trying to use Spring LDAP's ExternalTlsDirContext... authentication strategy. I think I missed another part of my Spring configuration (to add a security provider from the Novell API):
    Code:
    	<!-- Calls java.security.Security.addProvider(new SaslProvider()) when the context starts,
    	     so the EXTERNAL mechanism is registered before any LDAP bind is attempted -->
    	<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    		<property name="staticMethod" value="java.security.Security.addProvider" />
    		<property name="arguments">
    			<bean class="com.novell.sasl.client.SaslProvider" />
    		</property>
    	</bean>
    I do appreciate your suggestion and perhaps I will wait for your opinion based on the above.

    Thanks!

    Ashwin
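As an added example (not from the post above, nor from the Novell library's own samples), the same SASL EXTERNAL bind over TLS with the trust store and client certificate scoped to one SSLContext rather than set as JVM-wide javax.net.ssl system properties, and with a check of the root DSE before the bind so a server that does not offer EXTERNAL is caught explicitly. Host, ports, store paths and passwords are placeholders; the LDAPJSSESecureSocketFactory(SSLSocketFactory) constructor is assumed to be present in the JLDAP build in use.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;

public class ScopedExternalBind {

    // Builds an SSLContext from explicit stores so the server CA and the
    // ldapuser client certificate apply to this connection only, not to every
    // JSSE socket in the JVM (which is what the javax.net.ssl.* properties do).
    static SSLContext buildSslContext(String trustStorePath, char[] trustStorePass,
                                      String keyStorePath, char[] keyStorePass) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trust.load(in, trustStorePass);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        KeyStore keys = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(keyStorePath)) {
            keys.load(in, keyStorePass);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyStorePass);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Reads supportedSASLMechanisms from the root DSE; this is an anonymous read,
    // so it works before any bind and tells us whether EXTERNAL is worth attempting.
    static boolean serverOffersExternal(LDAPConnection conn) throws LDAPException {
        LDAPEntry rootDse = conn.read("", new String[] {"supportedSASLMechanisms"});
        LDAPAttribute attr = rootDse.getAttribute("supportedSASLMechanisms");
        return attr != null && Arrays.asList(attr.getStringValueArray()).contains("EXTERNAL");
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values (assumed for this example): host, port, store paths, passwords
        String ldapHost = "ldap.server.address";
        int ldapsPort = 636;
        SSLContext ctx = buildSslContext("C:/servercacerts", "servercertspwd".toCharArray(),
                                         "C:/ldapuser-certificate.PFX", "ldapuserpwd".toCharArray());

        // Novell's SASL client provider supplies the EXTERNAL mechanism to JLDAP
        Security.addProvider(new com.novell.sasl.client.SaslProvider());

        // Assumed: JLDAP's JSSE socket factory accepts a ready-made SSLSocketFactory
        LDAPJSSESecureSocketFactory ssf = new LDAPJSSESecureSocketFactory(ctx.getSocketFactory());
        LDAPConnection conn = new LDAPConnection(ssf);
        try {
            conn.connect(ldapHost, ldapsPort);

            if (!serverOffersExternal(conn)) {
                System.err.println("Server does not advertise SASL EXTERNAL; not attempting the bind");
                return;
            }

            // No DN and no authzid: the server maps the TLS client certificate to an entry
            conn.bind((String) null, (String) null, new String[] {"EXTERNAL"}, null, (Object) null);
            System.out.println(conn.isBound()
                ? "Authenticated via SASL EXTERNAL over TLS"
                : "Not authenticated");
        } catch (LDAPException e) {
            System.err.println("LDAP error " + e.getResultCode() + ": " + e.getLDAPErrorMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

The root DSE check also tells you, when the bind fails, whether the problem is on the TLS side (the handshake never presented a certificate the server could map) or on the SASL side (the server simply does not offer EXTERNAL), which the bare isBound() result in the snippet above cannot distinguish.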
