String bindPassword = settings.getString(Keys.realm.ldap.password, "");
LDAPConnection conn;
if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) {
// SSL
SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
conn = new LDAPConnection(sslUtil.createSSLSocketFactory());
if (ldapPort == -1) {
ldapPort = 636;
}
} else if (ldapUrl.getScheme().equalsIgnoreCase("ldap") || ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
// no encryption or StartTLS
conn = new LDAPConnection();
if (ldapPort == -1) {
ldapPort = 389;
}
} else {
logger.error("Unsupported LDAP URL scheme: " + ldapUrl.getScheme());
return null;
}
conn.connect(ldapHost, ldapPort);
if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
ExtendedResult extendedResult = conn.processExtendedOperation(
new StartTLSExtendedRequest(sslUtil.createSSLContext()));
if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
throw new LDAPException(extendedResult.getResultCode());
}