I need to connect to an LDAP directory over SSL.
In non-production environments, we use self-signed certificates which, of course, fail to validate with:
Setting aside JNDI entirely, some frameworks will refer to the LOCAL SYSTEM LDAP configuration (this is typically /etc/ldap.conf or something like that). When I say LOCAL, I mean the system(s) on which your JNDI operation is running.
At least in the case of most LDAP-enabled Linux OSs, inside of such an LDAP config file is (usually) a line that reads:
TLS_REQCERT demand
This is the default TLS/SSL criticality setting (and the most strict), as it will fail the connection if ANYTHING WHATSOEVER is wrong with the certificate (this includes being self-signed).
You can experiment with different settings instead of 'demand' (play with 'allow' or 'never'). Once this is done, try your operation again and see if your issue subsides. Again, not all things like this will read or even detect your local system settings. Some do, some don't. Worth a look.
I hope this helps...
Max
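The following is an added example, not part of the answer above: a small auditor that reads the text of an OpenLDAP client config and reports every TLS_REQCERT line, so that a relaxed value left over from experimenting can be spotted before the file reaches another environment. It also notes whether a trust anchor (TLS_CACERT or TLS_CACERTDIR, both ldap.conf(5) options) is set, which is how a self-signed certificate can be trusted while keeping 'demand'. The function name, host name and certificate path are constructed for illustration.

```python
# Added example: audit OpenLDAP client config text for relaxed TLS_REQCERT.
# Verdicts follow ldap.conf(5); "hard" is a synonym for "demand".
VERDICTS = {
    "never": "unverified",   # certificate is not requested or checked
    "allow": "unverified",   # a bad certificate is ignored
    "try": "relaxed",        # bad cert rejected, missing cert tolerated
    "demand": "strict",
    "hard": "strict",
}
TRUST_ANCHORS = {"TLS_CACERT", "TLS_CACERTDIR"}


def audit_ldap_conf(text):
    """Return (findings, has_trust_anchor) for one config file's text.

    findings: list of (line_number, value, verdict) per TLS_REQCERT line.
    """
    findings, has_anchor = [], False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                        # blank line or full-line comment
        parts = line.split(None, 1)
        keyword = parts[0].upper()          # option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword in TRUST_ANCHORS and value:
            has_anchor = True
        elif keyword == "TLS_REQCERT":
            # Values are compared in lower case here (an audit choice).
            findings.append((number, value, VERDICTS.get(value.lower(), "unknown")))
    return findings, has_anchor


# Constructed sample inputs (not taken from any real system).
WEAKENED = """\
# test box, self-signed directory cert
URI ldaps://ldap.test.example
tls_reqcert never
"""
PINNED = """\
URI ldaps://ldap.test.example
TLS_CACERT /etc/ssl/certs/test-ldap-selfsigned.pem
TLS_REQCERT demand
"""

if __name__ == "__main__":
    for name, text in (("weakened", WEAKENED), ("pinned", PINNED)):
        print(name, audit_ldap_conf(text))
```

A file with no TLS_REQCERT line returns an empty findings list, which corresponds to the default 'demand' described above.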