  • ldap + ssl

    Hello,
    does Acegi recognize an initial dir context beginning with ldaps:// instead of ldap://? In other words, does it work with SSL enabled?

    regards,
    umrzyk

  • #2
    It should. Have you tried it and found a problem?

    • #3
      As for Sun's LDAP API, which Acegi uses, it supports both LDAP and LDAPS.

      • #4
        Originally posted by Luke
        It should. Have you tried it and found a problem?
        Hm.. I wonder if it is an SSL problem. Simply, I have a user with DN uid=umrzyk,ou=People,dc=local. That user binds to ldaps:// (for example via some external LDAP browsers) without any problem, but Acegi for some reason is not able to process the same binding. Here is my basic configuration:

        <bean id="initialDirContextFactory" class="org.acegisecurity.providers.ldap.DefaultInitialDirContextFactory">
          <constructor-arg value="ldaps://localhost:636/dc=local"/>
        </bean>

        <bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
          <constructor-arg>
            <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
              <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
              <property name="userDnPatterns"><list><value>uid={0},ou=People</value></list></property>
            </bean>
          </constructor-arg>
          <constructor-arg>
            <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
              <property name="defaultRole"><value>ROLE_USER</value></property>
            </bean>
          </constructor-arg>
        </bean>


        And here are the syslog entries:

        Mar 30 23:46:33 localhost slapd[26218]: connection_get(8): got connid=0
        Mar 30 23:46:33 localhost slapd[26218]: connection_read(8): checking for input on id=0
        Mar 30 23:46:33 localhost slapd[26218]: connection_read(8): TLS accept error error=-1 id=0, closing
        Mar 30 23:46:33 localhost slapd[26218]: connection_closing: readying conn=0 sd=8 for close
        Mar 30 23:46:33 localhost slapd[26218]: connection_close: conn=0 sd=8
        Mar 30 23:46:33 localhost slapd[26218]: daemon: removing 8
        Mar 30 23:46:33 localhost slapd[26218]: daemon: select: listen=6 active_threads=0 tvp=NULL
        Mar 30 23:46:33 localhost slapd[26218]: daemon: select: listen=7 active_threads=0 tvp=NULL
        Mar 30 23:46:33 localhost slapd[26218]: daemon: activity on 1 descriptors
        Mar 30 23:46:33 localhost slapd[26218]: daemon: select: listen=6 active_threads=0 tvp=NULL
        Mar 30 23:46:33 localhost slapd[26218]: daemon: select: listen=7 active_threads=0 tvp=NULL

        regards,
        umrzyk

        • #5
          Why don't you run slapd manually with full debugging on? That will give you more output from the SSL handshake etc.
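A stand-alone way to reproduce the bind outside Acegi, as an added example that is not part of the original thread or of Acegi's own code: Acegi's DefaultInitialDirContextFactory builds a JNDI InitialDirContext on top of Sun's LDAP provider, so the same environment can be assembled by hand and run with JSSE debugging switched on to see the client side of the handshake that slapd logs as a TLS accept error. The URL and user DN are the ones from the post; the password and the class name LdapsBindCheck are assumptions. The point of the example is to tell a handshake failure (which JNDI surfaces as a CommunicationException before any bind reaches the server, most often because the server's certificate is not trusted by the JVM's truststore) apart from a rejected DN/password (an AuthenticationException, which means TLS was fine).

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Reproduces the simple bind that Acegi's BindAuthenticator performs, without
 * Acegi, so that TLS problems can be separated from credential problems.
 *
 * Show the client side of the handshake:
 *   java -Djavax.net.debug=ssl:handshake LdapsBindCheck
 * If slapd uses a certificate from a private CA, point the JVM at a truststore
 * that contains that CA:
 *   java -Djavax.net.ssl.trustStore=/path/to/truststore.jks LdapsBindCheck
 */
public class LdapsBindCheck {

    // URL and DN from the post; the password is an assumption.
    static final String URL = "ldaps://localhost:636/dc=local";
    static final String USER_DN = "uid=umrzyk,ou=People,dc=local";
    static final String PASSWORD = "secret";

    /** Returns "OK", or a short description of which stage failed. */
    static String bind(String url, String userDn, String password) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        // The same JNDI provider DefaultInitialDirContextFactory uses.
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // An ldaps:// URL makes the provider open the socket through JSSE.
        env.put(Context.PROVIDER_URL, url);
        // Simple bind with the user's own DN, as BindAuthenticator does.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            return "OK";
        } catch (AuthenticationException e) {
            // The TLS handshake completed; slapd rejected the DN or password.
            return "authentication failure: " + e.getMessage();
        } catch (CommunicationException e) {
            // Raised before any bind request is sent. With ldaps:// this is
            // usually the handshake: an untrusted server certificate, or a
            // port that is not speaking TLS at all.
            Throwable root = e.getRootCause();
            return "TLS/connection failure: " + e.getMessage()
                    + (root != null ? " (" + root + ")" : "");
        } catch (NamingException e) {
            return "other failure: " + e.getMessage();
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        String url = args.length > 0 ? args[0] : URL;
        String userDn = args.length > 1 ? args[1] : USER_DN;
        String password = args.length > 2 ? args[2] : PASSWORD;
        System.out.println(bind(url, userDn, password));
    }
}
```

On the server side, the suggestion above corresponds to running slapd in the foreground with `slapd -d -1`, which prints the TLS negotiation rather than the one-line "TLS accept error" seen in syslog; `openssl s_client -connect localhost:636 -showcerts` shows which certificate chain the server actually presents, so it can be compared with what the JVM's truststore contains.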
