3

I would like to start an in-memory UnboundID server using an SSL listener. So far I am only able to create a non-SSL one, as could be seen in many examples. Unfortunately, I can't seem to be able to find an example which illustrates how to add an SSL listener. All the SSL examples seem to be showing how to instantiate a connection and use SSL/TLS.

Could somebody please show how this should be done?

Thanks in advance!

carlspring

1 Answer

4

Here's one of the configurations I use from the LDAP SDK unit tests:

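```java
// In-memory server with two base DNs and two extra sets of bind credentials.
final InMemoryDirectoryServerConfig cfg =
     new InMemoryDirectoryServerConfig("dc=example,dc=com",
          "o=example.com");
cfg.addAdditionalBindCredentials("cn=Directory Manager", "password");
cfg.addAdditionalBindCredentials("cn=Manager", "password");
cfg.setSchema(Schema.getDefaultStandardSchema());
cfg.setListenerExceptionHandler(
     new StandardErrorListenerExceptionHandler());

// Server side: JKS key store holding the "server-cert" entry, plus a trust
// store. keyStorePath and trustStorePath are paths to files you supply.
final SSLUtil serverSSLUtil = new SSLUtil(
     new KeyStoreKeyManager(keyStorePath, "password".toCharArray(),
          "JKS", "server-cert"),
     new TrustStoreTrustManager(trustStorePath));
// Client side: TrustAllTrustManager performs no certificate validation
// (suitable for a test fixture).
final SSLUtil clientSSLUtil = new SSLUtil(new TrustAllTrustManager());

// One LDAPS listener. A null address listens on all interfaces and port 0
// lets the system pick a free port. The client socket factory is the one
// the server uses for connections it creates via getConnection().
cfg.setListenerConfigs(InMemoryListenerConfig.createLDAPSConfig("LDAPS",
     null, 0, serverSSLUtil.createSSLServerSocketFactory(),
     clientSSLUtil.createSSLSocketFactory()));

final InMemoryDirectoryServer testDSWithSSL =
     new InMemoryDirectoryServer(cfg);
testDSWithSSL.startListening();
```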

Also, if you want to add support for StartTLS, you would add another listener config that looks like:

```java
InMemoryListenerConfig.createLDAPConfig("LDAP with StartTLS", null, 0,
     serverSSLUtil.createSSLSocketFactory())
```

Neil

Neil Wilson
  • Thanks for this example! Just a small clarification: is this all listening on the same port, or what...? How does it work? – carlspring Oct 31 '13 at 22:22
  • Could you also please paste a link to the sources of the tests you're referring to? Thanks! – carlspring Nov 01 '13 at 01:32
  • 1
    The in-memory directory server can have any number of listeners. By default (when you don't use the InMemoryDirectoryServerConfig.setListenerConfigs method) you get one unencrypted listener that listens on a port automatically selected by the system. If you use the setListenerConfigs method, then you can configure as many listeners as you want, and each will use a different port. If you have the server choose a port for you, use the InMemoryDirectoryServer.getListenPort(listenerName) method once the server is started to figure out what port has been selected. – Neil Wilson Nov 01 '13 at 05:39
  • Unfortunately, the LDAP SDK unit tests aren't publicly available. Running the tests requires access to an UnboundID Directory Server instance, and that software is currently only available to paying customers. However, I am in the process of improving the examples in the LDAP SDK javadoc and I have already updated the InMemoryDirectoryServer example to demonstrate how to set it up for SSL and StartTLS. This should get committed (along with lots of other example updates) in the next few days. – Neil Wilson Nov 01 '13 at 05:43
  • So, I gather you're a developer on the UnboundID team...? If so, could you tell me if I am allowed to use your API for a simple Maven plugin I intend to open source under Apache 2.0? (The code is still very much work-in-progress and could be found here: https://github.com/carlspring/unboundid-maven-plugin). If you are on the team, would you mind contacting me via e-mail just to confirm the licensing question? My mail could be found in the sources. Thanks for your help! – carlspring Nov 01 '13 at 11:16
  • 1
    I am the lead developer for the UnboundID LDAP SDK for Java. I just sent you an email message with information about licenses and how you can get help. FYI, the best page for finding other sources of help is https://www.unboundid.com/products/ldap-sdk/docs/help.php. – Neil Wilson Nov 01 '13 at 17:13
  • I've now implemented some basic SSL support in my unboundid-maven-plugin (check here https://github.com/carlspring/unboundid-maven-plugin). Some slow work after we'd last spoken, but nevertheless moving along... Cheers! – carlspring Jan 26 '14 at 06:18
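The answer's two listeners and the `getListenPort(listenerName)` lookup from the comments, put together as an added example (not part of the original thread or the LDAP SDK's own code). It assumes a throwaway keystore `server.jks` with alias `server-cert` and password `password`, and has the client validate the server certificate against that store instead of trusting all certificates.

```java
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.listener.InMemoryListenerConfig;
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.KeyStoreKeyManager;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;

public class InMemoryTlsListeners {
  public static void main(String[] args) throws Exception {
    // Assumption: a test keystore created beforehand with
    //   keytool -genkeypair -alias server-cert -keyalg RSA -dname CN=localhost
    //     -storetype JKS -keystore server.jks -storepass password -keypass password
    String store = "server.jks";
    char[] pin = "password".toCharArray();
    SSLUtil serverSSL = new SSLUtil(
        new KeyStoreKeyManager(store, pin, "JKS", "server-cert"),
        new TrustStoreTrustManager(store, pin, "JKS", true));
    // Client validates the server certificate against the same store.
    SSLUtil clientSSL = new SSLUtil(new TrustStoreTrustManager(store, pin, "JKS", true));
    InMemoryDirectoryServerConfig cfg = new InMemoryDirectoryServerConfig("dc=example,dc=com");
    cfg.setListenerConfigs(
        InMemoryListenerConfig.createLDAPSConfig("LDAPS", null, 0,
            serverSSL.createSSLServerSocketFactory(), clientSSL.createSSLSocketFactory()),
        InMemoryListenerConfig.createLDAPConfig("LDAP with StartTLS", null, 0,
            serverSSL.createSSLSocketFactory()));
    InMemoryDirectoryServer ds = new InMemoryDirectoryServer(cfg);
    ds.startListening();
    try {
      // Port 0 means the system picks; ask each named listener what it got.
      int ldapsPort = ds.getListenPort("LDAPS");
      int startTlsPort = ds.getListenPort("LDAP with StartTLS");
      // LDAPS: the TLS handshake happens before any LDAP traffic.
      LDAPConnection ldaps =
          new LDAPConnection(clientSSL.createSSLSocketFactory(), "localhost", ldapsPort);
      System.out.println("LDAPS port " + ldapsPort + ", root DSE read: " + (ldaps.getRootDSE() != null));
      ldaps.close();
      // StartTLS: connect in the clear, then upgrade the same connection.
      LDAPConnection plain = new LDAPConnection("localhost", startTlsPort);
      ExtendedResult r = plain.processExtendedOperation(
          new StartTLSExtendedRequest(clientSSL.createSSLContext()));
      System.out.println("StartTLS port " + startTlsPort + ", result: " + r.getResultCode());
      plain.close();
    } finally {
      ds.shutDown(true);
    }
  }
}
```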