Currently when a customer wants to use ldaps for authentication and user synchronization, he needs to use system-wide JVM parameters, like
When using self-signed certificates, the CA will not be known by the JVM by default and the customer will have to either append the internal CA to the JVM default cacerts file or use JAVA_OPTS.
Appending a CA to an existing store file (cacerts) is not easy, not well documented and error-prone.
Overriding JAVA_OPTS is easier but could have side effects, especially if more than one CA is used, such as a (well-known) CA to serve HTTPS and a private CA to do LDAPS: you end up having to maintain a store with several CAs.
Customer asks we do the same work we did for FTPS in
i.e. we introduce configuration parameters that allow using configuration properties to set up the LDAPS connection using non-JVM-wide settings.
1) we already have parameters for
so this request just follows the same logic that seems to have been initiated.
2) see documentation for:
3) please consider also SMTP/TLS and IMAPS (although lower priority as not requested by the customer)