  1. Application Server 7
  2. AS7-5246

Allow for SSL LDAP connection in security realms.


      Within domain management, where we define outbound connections to LDAP directory servers, we require the ability to configure key and trust stores for the connection. Presently we rely on JVM global configuration for these.

      To access the directory servers we construct an InitialDirContext, which by default does not have SSL settings. To overcome this we may be able to make use of a custom SSLSocketFactory for opening the connection to the server with our custom key and trust store settings.

      We need to provide support for the following scenarios:

      • Present day situation relying on username / password authentication and global SSL settings.
      • Independently specifying key and trust stores.
      • Server's key being mandatory but not used for authentication.
        In that case the server's key can be used for both the search connection and the password testing connection.
      • Server key being used for authentication.
        No password will be sent for the search connection, but the password test connection must not use the key and must instead use the user's password.
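
A sketch of the custom SSLSocketFactory approach described above, covering the scenarios where the key store is present or deliberately withheld. This is an added example, not code from the issue or from the AS7 code base: the class name `RealmSSLSocketFactory` and its `context` and `connect` helpers are hypothetical, and it assumes the caller's environment already names the LDAP context factory and an `ldaps://` provider URL, and that JNDI opens the socket on the calling thread inside the `InitialDirContext` constructor.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.directory.InitialDirContext;
import javax.net.SocketFactory;
import javax.net.ssl.*;

// Hypothetical class: JNDI loads it by name and calls the static getDefault().
public class RealmSSLSocketFactory extends SSLSocketFactory {
    // JNDI cannot pass constructor arguments, so the SSLContext is bound per thread.
    private static final ThreadLocal<SSLContext> CURRENT = new ThreadLocal<>();
    private final SSLSocketFactory delegate;
    private RealmSSLSocketFactory(SSLContext ctx) { delegate = ctx.getSocketFactory(); }

    public static SocketFactory getDefault() {
        if (CURRENT.get() == null) throw new IllegalStateException("no SSLContext bound to this thread");
        return new RealmSSLSocketFactory(CURRENT.get());
    }

    // keyStore == null gives a trust-only context: no client key is presented,
    // which is what the password test connection needs when the key authenticates the search.
    static SSLContext context(KeyStore keyStore, char[] keyPass, KeyStore trustStore) throws Exception {
        KeyManager[] kms = new KeyManager[0];
        if (keyStore != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPass);
            kms = kmf.getKeyManagers();
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null);
        return ctx;
    }

    // env is assumed to hold INITIAL_CONTEXT_FACTORY, an ldaps:// PROVIDER_URL and any credentials.
    static InitialDirContext connect(Hashtable<String, Object> env, SSLContext ctx) throws Exception {
        env.put("java.naming.ldap.factory.socket", RealmSSLSocketFactory.class.getName());
        CURRENT.set(ctx);
        try { return new InitialDirContext(env); } finally { CURRENT.remove(); }
    }
    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean a) throws IOException { return delegate.createSocket(s, h, p, a); }
    @Override public Socket createSocket() throws IOException { return delegate.createSocket(); }
    @Override public Socket createSocket(String h, int p) throws IOException { return delegate.createSocket(h, p); }
    @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return delegate.createSocket(h, p, l, lp); }
    @Override public Socket createSocket(InetAddress h, int p) throws IOException { return delegate.createSocket(h, p); }
    @Override public Socket createSocket(InetAddress h, int p, InetAddress l, int lp) throws IOException { return delegate.createSocket(h, p, l, lp); }
}
```

Because the trust store is supplied explicitly, certificate validation no longer depends on the JVM-wide `javax.net.ssl.*` system properties, and two realms in the same JVM can trust different directory servers.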

            darran.lofthouse@redhat.com Darran Lofthouse