How do I start TLS with LDAP


#1

Hi, I’m aware that we can use LDAPS, but currently we don’t support that and TLS over LDAP is what we are using. So I’m wondering: can I make ShinyProxy use TLS over LDAP by modifying the configuration file, or do I need to modify the source code? Thanks!


#2

Hi @Keqiang_Li,

This is currently not possible via configuration. You’d have to modify the source code in LDAPAuthenticationType.java.

Something along the lines of:

DefaultTlsDirContextAuthenticationStrategy strategy = new DefaultTlsDirContextAuthenticationStrategy();
strategy.setSslSocketFactory(sslSocketFactory);
contextSource.setAuthenticationStrategy(strategy);

As you can see, ShinyProxy uses the Spring framework for LDAP connectivity. See here for more info (pt 8.1.3.1):
http://docs.spring.io/spring-ldap/site/reference/html/configuration.html

Regards,
Frederick
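
The approach sketched in the reply above, wired up end to end with Spring LDAP, as an added example that is not part of the original thread or of ShinyProxy's own code. The class name `StartTlsContextSourceExample`, the `build` method and all of its parameters (URL, DNs, trust store path and password) are hypothetical and supplied by the caller.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
import org.springframework.ldap.core.support.LdapContextSource;

// Hypothetical helper class; not taken from ShinyProxy.
public class StartTlsContextSourceExample {

    // Builds a context source that connects on the plain LDAP port and
    // upgrades the connection with StartTLS before the bind is sent.
    public static LdapContextSource build(String url, String baseDn, String managerDn,
            String managerPassword, String trustStorePath, char[] trustStorePassword)
            throws Exception {
        // Trust only the CA(s) in the given trust store; validation stays enabled.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, trustStorePassword);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);

        DefaultTlsDirContextAuthenticationStrategy strategy =
                new DefaultTlsDirContextAuthenticationStrategy();
        strategy.setSslSocketFactory(sslContext.getSocketFactory());
        // No custom HostnameVerifier is set, so the default hostname check applies.
        strategy.setShutdownTlsGracefully(true);

        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl(url);                 // ldap:// scheme, not ldaps://
        contextSource.setBase(baseDn);
        contextSource.setUserDn(managerDn);
        contextSource.setPassword(managerPassword);
        contextSource.setPooled(false);            // native JNDI pooling must be off for StartTLS
        contextSource.setAuthenticationStrategy(strategy);
        contextSource.afterPropertiesSet();        // validates and finalises the settings
        return contextSource;
    }
}
```

With this strategy the TLS negotiation happens before the manager DN and password are sent, so a failed certificate or hostname check aborts the connection without exposing the bind credentials.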


#3

@Keqiang_Li

StartTLS is now supported out of the box (since release 1.0.0).

Details on how to configure it can be found here:

https://www.shinyproxy.io/configuration/#ldap

Best,
Tobias