LDAP and Ignoring SSL Errors
Is it possible to configure the LDAP plug-in to ignore SSL certificate mismatch errors when configuring LDAPS support? My IT department is a PITA, and I'm fine connecting to the AD DCs without verifying their SSL certificate(s). I just want to make sure the traffic is encrypted. Ignoring the trust error is fine by me.
Thoughts?
Thanks!
Hi Schley,
I think the easiest way would be to import the certificates to the TeamCity JVM (using keytool) and thus get rid of errors.
Or you can provide your own SSLContext with a custom X509TrustManager that doesn't perform any checks. To set it up in TeamCity use "java.naming.factory.initial" property. This is a bit more complicated.
Some links that might be helpful:
http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLContext.html
http://java.sun.com/javase/6/docs/api/javax/net/ssl/X509TrustManager.html
http://java.sun.com/javase/6/docs/api/javax/net/ssl/SSLSocketFactory.html
---
Maxim
Maxim,
Yes, the easiest solution would be to import the certificates, but as I said, that would necessitate working with the IT department and that can take weeks sometimes. I'm familiar with how to set up your own SSL context verification class as I've done so many times, but what I'm not familiar with is where to initialize that property in TeamCity and where to place the JAR with the class in it so that the TeamCity classloader loads it.
Thanks!
I see.
You can put the JAR into /WEB-INF/plugins/ldap/server/ (or into /WEB-INF/lib/ if that doesn't work).
The property I mentioned should be defined in your ldap-config.properties file, which is located in <TEAMCITY_DATA_DIRECTORY>/config/.
To be sure, please turn on DEBUG logging for TeamCity; the LDAP plugin will then dump the context it is working with.
---
Maxim
Maxim,
Thank you. And perhaps I jumped ahead of myself. I've ignored SSL warnings for HTTPS connections by creating a no-op X509TrustManager before. I didn't realize the LDAP context factory was different. I guess I have some reading to do on what interfaces to implement to provide my own version of the com.sun.jndi.ldap.LdapCtxFactory class.
Thanks again!
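As an added example (not code from the thread or from the TeamCity plugin), the class below answers the "which interface to implement" question for the custom-trust route Maxim outlined, but without switching verification off: it is a plain `javax.net.ssl.SSLSocketFactory` that trusts only the certificates in a dedicated keystore (for instance the DC's exported certificate), which keeps the traffic both encrypted and authenticated while avoiding changes to the JVM-wide truststore. The JNDI LDAP provider picks such a factory up through the `java.naming.ldap.factory.socket` property (it calls the static `getDefault()` method by reflection); the class name, keystore path and password here are placeholder assumptions.

```java
// Added example: an LDAPS socket factory that pins trust to one keystore
// instead of accepting any certificate. Wire it in with the JNDI property
//   java.naming.ldap.factory.socket = com.example.PinnedLdapSocketFactory
// (placed in ldap-config.properties, with the JAR on the plugin classpath).
package com.example;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class PinnedLdapSocketFactory extends SSLSocketFactory {
    // Hypothetical defaults; override them with -D system properties on the TeamCity JVM.
    private static final String STORE_PATH = System.getProperty("ldap.truststore", "/etc/teamcity/ldap-truststore.jks");
    private static final String STORE_PASS = System.getProperty("ldap.truststore.password", "changeit");

    private final SSLSocketFactory delegate;

    private PinnedLdapSocketFactory(SSLSocketFactory delegate) { this.delegate = delegate; }

    // The JNDI LDAP provider looks up exactly this static method name.
    public static SSLSocketFactory getDefault() {
        try {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream in = new FileInputStream(STORE_PATH)) {
                ks.load(in, STORE_PASS.toCharArray());
            }
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks); // trust only the certificates present in this store
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            return new PinnedLdapSocketFactory(ctx.getSocketFactory());
        } catch (Exception e) {
            // Fail closed: a missing or unreadable store must not silently fall back to "trust anything".
            throw new IllegalStateException("Cannot build LDAPS socket factory from " + STORE_PATH, e);
        }
    }

    // Everything below simply delegates to the pinned SSLContext's factory.
    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { return delegate.createSocket(s, host, port, autoClose); }
    @Override public Socket createSocket(String host, int port) throws IOException { return delegate.createSocket(host, port); }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException { return delegate.createSocket(host, port, localHost, localPort); }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { return delegate.createSocket(host, port); }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { return delegate.createSocket(address, port, localAddress, localPort); }
}
```

The keystore can be populated with `keytool -importcert` from a certificate exported out of band, so a later certificate rotation on the DC shows up as a clear handshake failure in the DEBUG log rather than being silently accepted.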