Home/ Questions/Q 9251721
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T10:46:22+00:00

I have created a test environment. I have one ldap client, ldap listener (as

  • 0

I have created a test environment. I have one ldap client, ldap listener (as a ldap proxy) and a ldap server. Ldap client sends ldap requests to ldap proxy on port 389 (SSL). Ldap proxy decodes the ldap requests and forwards them to the ldap server on port 389. And the proxy forwards the reply of the ldap server to ldap client successfully.

I created SSL certificate on ldap server. And this time I tested that ldap client sends ldap requests to ldap proxy on port 389 (SSL). Ldap proxy forwarded requests to the ldap server on port 636. And the proxy forwards the reply of the ldap server to ldap client successfully.

But there is a problem when I try to use SSL on both sides. I mean

ldap client (port 636) -> ldap proxy (port 636) -> ldap server (port
636)

My client throws an exception

javax.net.ssl.SSLHandshakeException: Remote host closed connection
during handshake

I am using unboundid ldap sdk and LdapDebugger example as a ldap proxy. How can I configure ldaplistener to accept SSL encrypted requests(port 636)?

thanks in advance…

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you’re using the ldap-debugger tool provided with the LDAP SDK, it currently only supports SSL for communicating with the backend server, but not when communicating with a client. That is, the “–useSSL” option applies only for communication between the LDAP debugger and the backend directory server, and not between the client and the LDAP debugger. However, because this is potentially a very useful feature, I have just committed a set of changes that add this capability, so if you check out and build the latest version of the LDAP SDK, you will find that the ldap-debugger tool has a new “–listenUsingSSL” argument that controls this.

    Note that regardless of whether you’re using the ldap-debugger tool or you have created your own listener via Java code, you need to ensure that you have a Java keystore that contains the SSL certificate that will be presented to clients. If the LDAP server you’re using is Java-based (e.g., the in-memory directory server provided with the LDAP SDK), then you probably already have this. Otherwise, you’ll need to create one. If you’re just doing this for testing purposes, a self-signed certificate should be just fine (as long as the client trusts it, or is configured to blindly trust all certificates).

    • 0