org.apache.directory.server.ldap.handlers.extended.StartTlsHandler Java Examples

Example #1
Source File: LdapServer.java — from MyVirtualDirectory (Apache License 2.0)
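/**
 * Reloads the SSL context by re-reading the keystore and replacing the existing
 * {@code sslFilter} in every registered filter-chain builder with a freshly
 * initialised one, then re-attaches the StartTLS handler to this server so that
 * it also works from the new context.
 *
 * Note: should be called to reload the keystore after changing the digital
 * certificate. This is a no-op while the server is not started.
 *
 * NOTE(review): only the chain builders are updated here; sessions that already
 * exist presumably keep the SslFilter they were built with until they
 * reconnect — confirm against the filter-chain semantics if a hard cut-over of
 * live connections is required.
 *
 * @throws Exception propagated from {@link #loadKeyStore()} or from the LDAPS
 *                   initializer when the keystore cannot be reloaded; the
 *                   "reloaded" log line is only written on full success
 */
public void reloadSslContext() throws Exception
{
    if ( !started )
    {
        return;
    }

    LOG.info( "reloading SSL context..." );

    // Re-read the keystore first so that the chains rebuilt below use the new material.
    loadKeyStore();

    final String sslFilterName = "sslFilter";
    for ( IoFilterChainBuilder chainBuilder : chainBuilders )
    {
        // The cast is deliberate: a builder of another type cannot be inspected for the
        // filter and failing loudly is preferable to silently leaving a stale certificate.
        DefaultIoFilterChainBuilder dfcb = ( DefaultIoFilterChainBuilder ) chainBuilder;
        if ( dfcb.contains( sslFilterName ) )
        {
            // Build a complete chain from the reloaded keystore, but transplant only its SSL filter.
            DefaultIoFilterChainBuilder newChain = ( DefaultIoFilterChainBuilder ) LdapsInitializer
                .init( this );
            dfcb.replace( sslFilterName, newChain.get( sslFilterName ) );
        }
    }

    // Point the StartTLS handler (if registered) back at this server so it sees the new context.
    StartTlsHandler handler = ( StartTlsHandler ) getExtendedOperationHandler( StartTlsHandler.EXTENSION_OID );
    if ( handler != null )
    {
        handler.setLdapServer( this );
    }

    LOG.info( "reloaded SSL context successfully" );
}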
 
Example #2
Source File: ApacheLDAPServer.java — from carbon-identity (Apache License 2.0)
/**
 * Creates and configures the embedded {@code LdapServer} from the LDAP
 * configuration: a single TCP transport on the configured port, anonymous
 * access disabled, time/size limits and SASL host/principal taken from the
 * configuration, the directory service attached, SASL mechanisms set up and
 * the StartTLS and stored-procedure extended operation handlers registered.
 *
 * NOTE(review): no keystore or certificate is configured in this method, yet
 * StartTLS is registered — confirm the key material is set on the server
 * elsewhere, otherwise StartTLS negotiation cannot succeed.
 *
 * @throws DirectoryServerException if the directory service or the LDAP
 *                                  configuration has not been initialised, or
 *                                  if an extended operation handler cannot be
 *                                  added (the original exception is the cause)
 */
protected void initializeLDAPServer()
        throws DirectoryServerException {

    final boolean serviceMissing = (this.service == null);
    final boolean configMissing = (this.ldapConfigurations == null);
    if (serviceMissing || configMissing) {
        throw new DirectoryServerException(
                "The default apacheds service is not initialized. " +
                        "Make sure apacheds service is initialized first.");
    }

    // The field is assigned before any further setup so a later failure leaves
    // a partially configured server rather than a null reference.
    final LdapServer server = new LdapServer();
    this.ldapServer = server;

    server.setTransports(new TcpTransport(this.ldapConfigurations.getLdapPort()));

    // Initial server properties: no anonymous binds, limits and SASL identity from config.
    server.setAllowAnonymousAccess(false);
    server.setMaxTimeLimit(this.ldapConfigurations.getMaxTimeLimit());
    server.setMaxSizeLimit(this.ldapConfigurations.getMaxSizeLimit());
    server.setSaslHost(this.ldapConfigurations.getSaslHostName());
    server.setSaslPrincipal(this.ldapConfigurations.getSaslPrincipalName());

    // Attach the apacheds directory service.
    server.setDirectoryService(this.service);

    setupSaslMechanisms();

    // Register the extended operations, preserving the underlying failure as the cause.
    try {
        server.addExtendedOperationHandler(new StartTlsHandler());
        server.addExtendedOperationHandler(new StoredProcedureExtendedOperationHandler());
    } catch (Exception e) {
        throw new DirectoryServerException("can not add the extension handlers ", e);
    }
}
 
Example #3
Source File: LDAPEmbeddedServer.java — from keycloak (Apache License 2.0)
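/**
 * Builds the embedded {@code LdapServer} from this instance's settings.
 *
 * A plaintext TCP transport on {@code bindHost:bindPort} is always registered.
 * When SSL or StartTLS is enabled the keystore file and certificate password
 * are set on the server; SSL additionally adds an SSL-enabled transport on
 * {@code bindLdapsPort}, and StartTLS registers the {@code StartTlsHandler}.
 * The RFC 3062 password-modify handler is always registered. Access control
 * and anonymous access are mutually exclusive: enabling both is rejected, and
 * enabling anonymous access explicitly disables the access control subsystem.
 *
 * NOTE(review): {@code setConfidentialityRequired} is what is meant to make the
 * server refuse operations over the plaintext transport; the exact behaviour on
 * a non-TLS session is determined by the server implementation — confirm before
 * relying on it as the only protection for the plaintext port.
 *
 * @return the configured, not yet started, server
 * @throws IllegalStateException if the StartTLS or password-modify handler
 *                               cannot be registered (the underlying exception
 *                               is attached as the cause), or if both access
 *                               control and anonymous access are enabled
 */
protected LdapServer createLdapServer() {
    LdapServer ldapServer = new LdapServer();

    ldapServer.setServiceName("DefaultLdapServer");
    ldapServer.setSearchBaseDn(this.baseDN);
    // Tolerate plaintext LDAP connections from clients by default
    ldapServer.setConfidentialityRequired(this.setConfidentialityRequired);

    // Read the transports
    Transport ldap = new TcpTransport(this.bindHost, this.bindPort, 3, 50);
    ldapServer.addTransports( ldap );
    if (enableSSL || enableStartTLS) {
        // Both SSL and StartTLS need the same key material.
        ldapServer.setKeystoreFile(keystoreFile);
        ldapServer.setCertificatePassword(certPassword);
        if (enableSSL) {
            Transport ldaps = new TcpTransport(this.bindHost, this.bindLdapsPort, 3, 50);
            ldaps.setEnableSSL(true);
            ldapServer.addTransports( ldaps );
            if (ldaps.isSSLEnabled()) {
                log.info("Enabled SSL support on the LDAP server.");
            }
        }
        if (enableStartTLS) {
            try {
                ldapServer.addExtendedOperationHandler(new StartTlsHandler());
            } catch (Exception e) {
                throw new IllegalStateException("Cannot add the StartTLS extension handler: ", e);
            }
            // Log only once the handler is actually visible on the server.
            for (ExtendedOperationHandler eoh : ldapServer.getExtendedOperationHandlers()) {
                if (eoh.getOid().equals(StartTlsHandler.EXTENSION_OID)) {
                    log.info("Enabled StartTLS support on the LDAP server.");
                    break;
                }
            }
        }
    }

    // Require the LDAP server to accept only encrypted connections if confidentiality requested
    if (setConfidentialityRequired) {
        ldapServer.setConfidentialityRequired(true);
        if (ldapServer.isConfidentialityRequired()) {
            log.info("Configured the LDAP server to accepts only requests with a secured connection.");
        }
    }

    // Associate the DS to this LdapServer
    ldapServer.setDirectoryService( directoryService );

    // Support for extended password modify as described in https://tools.ietf.org/html/rfc3062
    try {
        ldapServer.addExtendedOperationHandler(new PwdModifyHandler());
    } catch (LdapException le) {
        // Keep the original exception as the cause so the real reason is not lost.
        throw new IllegalStateException("It wasn't possible to add PwdModifyHandler", le);
    }

    if (enableAccessControl) {
        if (enableAnonymousAccess) {
            throw new IllegalStateException("Illegal to enable both the access control subsystem and the anonymous access at the same time! See: http://directory.apache.org/apacheds/gen-docs/latest/apidocs/src-html/org/apache/directory/server/core/DefaultDirectoryService.html#line.399 for details.");
        } else {
            directoryService.setAccessControlEnabled(true);
            if (directoryService.isAccessControlEnabled()) {
                log.info("Enabled basic access control checks on the LDAP server.");
            }
        }
    } else {
        if (enableAnonymousAccess) {
            directoryService.setAllowAnonymousAccess(true);
            // Since per ApacheDS JavaDoc: http://directory.apache.org/apacheds/gen-docs/latest/apidocs/src-html/org/apache/directory/server/core/DefaultDirectoryService.html#line.399
            // "if the access control subsystem is enabled then access to some entries may not
            // be allowed even when full anonymous access is enabled", disable the access control
            // subsystem together with enabling anonymous access to prevent this
            directoryService.setAccessControlEnabled(false);
            if (directoryService.isAllowAnonymousAccess() && !directoryService.isAccessControlEnabled()) {
                log.info("Enabled anonymous access on the LDAP server.");
            }
        }
    }

    return ldapServer;
}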