
  • LDAPS and hostname validation

    Does anyone know if JNDI by default is supposed to do hostname validation with LDAPS?

    The SSL certificate is validated, but the hostname is not.

    What is the best way to implement or enable this validation?

  • #2
    Check out the javax.net.ssl.HostnameVerifier usage in our AbstractTlsDirContextAuthenticationStrategy. Perhaps it can be helpful.



    • #3
      Thanks for the pointer Ulrik, I was not familiar with the Start TLS extension.

      If an LDAP server supports SSL is it guaranteed to also support Start TLS?

      If not, then hostname verification cannot be done for all LDAPS connections, only if Start TLS is supported?



      • #4
        true

        I just want to post once so I can create a thread.



        • #5
          Hostname verifications with LDAPS?

          Originally posted by mariuss:
          If an LDAP server supports SSL is it guaranteed to also support Start TLS?
          To answer my own question, SSL support does not guarantee Start TLS support. Found at least one instance where LDAPS was supported, but not TLS.

          Originally posted by mariuss:
          If not, then hostname verification cannot be done for all LDAPS connections, only if Start TLS is supported?
          Still not sure about this. Is it possible to do hostname verification with LDAPS only? How?
