honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ldap: truststore fix for issue 168 

https://github.com/elasticsearch/elasticsearch-shield/issues/168
This makes configuring a truststore for LDAP optional.

Original commit: elastic/x-pack-elasticsearch@944a7deb28
This commit is contained in:
c-a-m 2014-10-15 10:24:35 -07:00
parent 547756f0c8
commit 1224454714
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/main/java/org/elasticsearch/shield/authc/ldap/LdapSslSocketFactory.java
View File

@ -40,9 +40,14 @@ public class LdapSslSocketFactory extends SocketFactory {
}
Settings componentSettings = settings.getComponentSettings(LdapSslSocketFactory.class);
SSLTrustConfig sslConfig = new SSLTrustConfig(componentSettings, settings.getByPrefix("shield.ssl."));
Settings generalSslSettings = settings.getByPrefix("shield.ssl.");
if (generalSslSettings.get("truststore") == null && componentSettings.get("truststore") == null){
logger.warn("No truststore has been configured for LDAP");
} else {
SSLTrustConfig sslConfig = new SSLTrustConfig(componentSettings, generalSslSettings);
instance = new LdapSslSocketFactory(sslConfig.createSSLSocketFactory());
}
}
/**
* This is invoked by JNDI and the returned SocketFactory must be an LdapSslSocketFactory object
@ -98,11 +103,10 @@ public class LdapSslSocketFactory extends SocketFactory {
break;
}
}
if (needsSSL) {
assert instance != null : "LdapSslSocketFactory not initialized and won't be used for LDAP connections";
if (needsSSL && instance != null) {
builder.put("java.naming.ldap.factory.socket", LdapSslSocketFactory.class.getName());
} else {
logger.debug("LdapSslSocketFactory not used for LDAP connections");
logger.warn("LdapSslSocketFactory not used for LDAP connections");
}
}
}