May 28th, 2009, 06:51 PM
TLS Connection and Certificate Handling
To enable TLS connections, use DefaultTlsDirContextAuthenticationStrategy.
(http://blog.jayway.com/2008/10/27/wh...pring-ldap-13/)
Ok, that didn't work well for me since I need to manage certificate stuff inside my program.
So I wrote my own class that implements DirContextAuthenticationStrategy, with two overridden methods:
set authentication props in processContextAfterCreation(...):
ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDn);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.addToEnvironment(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ctx.addToEnvironment("java.naming.ldap.factory.socket", "MySSLSocketFactory");
ctx.addToEnvironment(Context.SECURITY_PROTOCOL, "ssl");
and set env properties in setupEnvironment(...):
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
So that works, if the keyStore value is set properly before the call.
Now, my question is: what if I don't have the certificate set up before the method gets called? I know, of course, that it throws that lovely exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
That's exactly what I need to handle: manage the certificate verification dynamically, i.e. once the exception is caught, how do I retrieve the certificate info, say "accept", and have the program just continue to run? (Also store the certificate in my keystore so it won't ask me next time.) Any help is highly appreciated.
Thanks,
jb
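Added example, not code from the original post nor from Spring LDAP or the JDK: one way to handle the "PKIX path building failed" case described above. A custom X509TrustManager wraps the JDK's default PKIX trust manager; when PKIX rejects the LDAP server's chain, the leaf certificate is retrieved, its SHA-256 fingerprint is compared against a list the operator approved out of band, and on a match the certificate is written into the trust store file so the next connection validates normally. The trust store path, its password and the approved fingerprint set are assumed to be supplied by the caller; the poster's MySSLSocketFactory is assumed to expose the usual static getDefault() that JNDI calls for the class named in "java.naming.ldap.factory.socket", returning sslContext(...).getSocketFactory().

```java
import javax.net.ssl.*;
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.util.Set;

// Added example (not from the original post): wraps the JDK PKIX trust manager and
// accepts an otherwise-untrusted LDAP server certificate only when its SHA-256
// fingerprint is on an operator-approved list; accepted certs are persisted.
public final class ApprovedCertTrustManager implements X509TrustManager {
    private final File trustStoreFile;              // assumption: a JKS/PKCS12 file we own
    private final char[] trustStorePassword;
    private final Set<String> approvedFingerprints; // lower-case hex SHA-256 of the DER cert
    private final KeyStore trustStore;
    private volatile X509TrustManager pkix;         // rebuilt after every new trust entry

    public ApprovedCertTrustManager(File trustStoreFile, char[] trustStorePassword,
                                    Set<String> approvedFingerprints)
            throws GeneralSecurityException, IOException {
        this.trustStoreFile = trustStoreFile;
        this.trustStorePassword = trustStorePassword;
        this.approvedFingerprints = approvedFingerprints;
        this.trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (trustStoreFile.isFile()) {
            try (InputStream in = new FileInputStream(trustStoreFile)) {
                trustStore.load(in, trustStorePassword);
            }
        } else {
            trustStore.load(null, trustStorePassword); // start empty: nothing is trusted yet
        }
        this.pkix = pkixTrustManager(trustStore);
    }

    private static X509TrustManager pkixTrustManager(KeyStore ks) throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new NoSuchAlgorithmException("no X509TrustManager available");
    }

    // Hex SHA-256 over the DER encoding: the value compared with the fingerprint the
    // LDAP administrator published out of band.
    public static String sha256Fingerprint(X509Certificate cert) throws CertificateEncodingException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is available in every JDK", e);
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            pkix.checkServerTrusted(chain, authType);  // normal path: the chain validates
        } catch (CertificateException pkixFailure) {   // the post's "PKIX path building failed"
            if (chain == null || chain.length == 0) {
                throw pkixFailure;
            }
            X509Certificate leaf = chain[0];
            String fp = sha256Fingerprint(leaf);
            if (!approvedFingerprints.contains(fp)) {
                // Report the certificate details so an operator can decide out of band.
                throw new CertificateException("untrusted LDAP server certificate: subject="
                        + leaf.getSubjectX500Principal() + " sha256=" + fp, pkixFailure);
            }
            leaf.checkValidity();                      // an approved but expired cert is still refused
            remember(leaf, fp);
        }
    }

    private synchronized void remember(X509Certificate cert, String fp) throws CertificateException {
        try {
            trustStore.setCertificateEntry("approved-" + fp.substring(0, 16), cert);
            try (OutputStream out = new FileOutputStream(trustStoreFile)) {
                trustStore.store(out, trustStorePassword);
            }
            pkix = pkixTrustManager(trustStore);       // later handshakes pass plain PKIX
        } catch (GeneralSecurityException | IOException e) {
            throw new CertificateException("could not persist approved certificate", e);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        pkix.checkClientTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return pkix.getAcceptedIssuers();
    }

    // SSLContext whose getSocketFactory() the poster's MySSLSocketFactory.getDefault() can return.
    public static SSLContext sslContext(ApprovedCertTrustManager tm) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        return ctx;
    }
}
```

The trust decision is made inside checkServerTrusted, during the handshake, before the bind DN and password from the post are ever sent, so a rejected certificate never sees credentials. Keying acceptance on a fingerprint list rather than on "accept whatever arrives the first time" is what keeps this from becoming a blanket trust-all manager; the javax.net.ssl.keyStore properties from the post are unaffected, since they only govern the client certificate side.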