LDAPS and hostname validation

**mariuss** · Feb 26th, 2009, 05:47 PM

Does anyone know if JNDI by default is supposed to do hostname validation with LDAPS?

The SSL certificate is validated, but the hostname is not.

What is the best way to implement or enable this validation?

**ulsa** · Feb 27th, 2009, 04:38 AM

Check out the javax.net.ssl.HostnameVerifier usage in our AbstractTlsDirContextAuthenticationStrategy. Perhaps it can be helpful.

**mariuss** · Feb 27th, 2009, 06:26 PM

Thanks for the pointer Ulrik, I was not familiar with the Start TLS extension.

If an LDAP server supports SSL is it guaranteed to also support Start TLS?

If not, then hostname verification cannot be done for all LDAPS connections, only if Start TLS is supported?

**beess** · Feb 27th, 2009, 06:40 PM

i just want to post once so i can create a thread.

**mariuss** · Mar 3rd, 2009, 06:16 PM

Originally Posted by mariuss

If an LDAP server supports SSL is it guaranteed to also support Start TLS?

To answer my own question, SSL support does not guarantee Start TLS support. Found at least once instance where LDAPS was supported, but not TLS.

Originally Posted by mariuss

If not, then hostname verification cannot be done for all LDAPS connections, only if Start TLS is supported?

Still not sure about this. Is it possible to do hostname verification with LDAPS only? How?

Thread: LDAPS and hostname validation

Thread Tools

Display

Hybrid View

LDAPS and hostname validation

true

Hostname verifications with LDAPS?

Tags for this Thread

Posting Permissions