LDAP Integration - Add support for StartTLS

[ghillert]

While SSL over LDAP (LDAPs) is supported, we don't currently support StartTLS out of the box.

In order to use StartTLS we have to configure Spring LDAP with a DirContextAuthenticationStrategy, e.g. DefaultTlsDirContextAuthenticationStrategy.

As such we have to add an additional YAML property:

dataflow.security.authentication.ldap.starttls-enabled

We probably also need to support the ability to switch between the relevant DirContextAuthenticationStrategy:

• DefaultTlsDirContextAuthenticationStrategy
• ExternalTlsDirContextAuthenticationStrategy

Testing is a bit of an issue as ApacheDS 1.5 has some iffy support for StartTLS in regards to configuring certificates.

[ghillert]

See also:

• SEC-3024: Support ApacheDS 2.0.M20 spring-projects/spring-security#3176
• Add LDAPs support to ApacheDSContainer spring-projects/spring-security#4096

[sabbyanandan]

In 2.x, we will revisit this in the context of OAuth's integration model with LDAP.

[sabbyanandan]

Closing this in favor of the UAA's OAuth + LDAP possibilities.