I've been working on implementing the UnboundID in-memory LDAP server for one of our applications, but right from the get-go I ran into an issue:

I need to make a connection to our production server once in order to get the schema, using:

  Schema newSchema = Schema.getSchema(connection);
  config.setSchema(newSchema); 

The documentation says that to make a connection to an LDAP server using SSL I need to use SSLUtil, like:

  SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());

  LDAPConnection connection =
      new LDAPConnection(sslUtil.createSSLSocketFactory());
  connection.connect("server.example.com", 636);

I tried the above and the compiler complained:

  The constructor LDAPConnection(SSLSocketFactory) is undefined

and when looking into LDAPConnection there is indeed no such constructor. I'm using the unboundid-ldapsdk-se.jar jar. Does anyone know of a way to get around this?

ke3pup
  • It looks like they left out a `.createSocket()` call of some description after `createSocketFactory()`. Does their documentation really advise you to use a `TrustAllTrustManager`? It's not secure to do that. – user207421 Jun 25 '13 at 23:56
  • @EJP I tried adding the line `LDAPConnection connection = new LDAPConnection(sslUtil.createSSLSocketFactory().createSocket(HOST_ADDRESS, PORT));` but it still says `The constructor LDAPConnection(Socket) is undefined`! The constructor is expecting `LDAPSocketFactory`. Any idea how I could create that? Not worried about the security for this application, it's running in a sandbox env. – ke3pup Jun 26 '13 at 00:44
  • Sorry, I can't help you with that, but there must be a secure `LDAPSocketFactory` or else a way of configuring it with a `javax.net.SocketFactory`. – user207421 Jun 26 '13 at 00:51

1 Answer

There actually is a constructor that matches the provided signature. That constructor is:

  /**
   * Creates a new LDAP connection using the specified socket factory.  No
   * actual network connection will be established.
   *
   * @param  socketFactory  The socket factory to use when establishing
   *                        connections.  If it is {@code null}, then a default
   *                        socket factory will be used.
   */
  public LDAPConnection(final SocketFactory socketFactory)
  {
    this(socketFactory, null);
  }

SSLSocketFactory is a subclass of SocketFactory, so the code included in the example should work without any problems. I just confirmed this by creating a class with those three lines (creating an SSLUtil, creating an LDAPConnection, and establishing the connection) and it compiles without any warnings or errors using JDK 5, JDK 6, and JDK 7.

Also, to address another comment, the LDAP SDK does not recommend the creation of a TrustAllTrustManager. It does provide one example that uses the TrustAllTrustManager, but there is another example immediately below that demonstrates the process for using a trust store. In addition, the documentation for the TrustAllTrustStore class indicates that it is only recommended for testing purposes. Nevertheless, I have just committed a change to the SSLUtil example that makes this recommendation even clearer.

Neil Wilson
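The following is an added example, not code from the question, the answer, or the LDAP SDK documentation. It combines the two points discussed above: passing an `SSLSocketFactory` to the `LDAPConnection(SocketFactory)` constructor, and using a trust store in place of `TrustAllTrustManager` when pulling the schema for the in-memory server. The trust store path and base DN are assumed placeholders; the host and port are the ones from the question.

```java
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLSocketFactory;

import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.schema.Schema;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;

public class SchemaSeededInMemoryServer {
  // Assumed values for illustration; replace with your own.
  private static final String HOST = "server.example.com";
  private static final int PORT = 636;
  private static final String TRUST_STORE = "/path/to/ldap-truststore.jks";
  private static final String BASE_DN = "dc=example,dc=com";

  /** Reads the schema over LDAPS, accepting only trusted server certificates. */
  static Schema fetchSchema() throws LDAPException, GeneralSecurityException {
    // Trust only certificates found in the trust store, not every certificate.
    SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(TRUST_STORE));
    // javax.net.ssl.SSLSocketFactory extends javax.net.SocketFactory, so it
    // is accepted by the LDAPConnection(SocketFactory) constructor.
    SSLSocketFactory socketFactory = sslUtil.createSSLSocketFactory();

    LDAPConnection connection = new LDAPConnection(socketFactory);
    try {
      connection.connect(HOST, PORT);
      return Schema.getSchema(connection);
    } finally {
      // Always release the production connection, even if the read fails.
      connection.close();
    }
  }

  public static void main(String[] args) throws Exception {
    InMemoryDirectoryServerConfig config =
        new InMemoryDirectoryServerConfig(BASE_DN);
    config.setSchema(fetchSchema());

    InMemoryDirectoryServer server = new InMemoryDirectoryServer(config);
    server.startListening();
    System.out.println("In-memory server on port " + server.getListenPort());
    server.shutDown(true);
  }
}
```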