2 Replies Latest reply on Feb 23, 2004 3:07 PM by dhartford

SelfSigned OpenLDAP - how to setup JBoss for LDAP:SSL Login-

dhartford Feb 23, 2004 8:39 AM

Hey all,
I have been using OpenLDAP for authentication for some time (since 3.0.x), but I have never been able to get SSL/TLS to work correctly when trying to authenticate against my OpenLDAP install.

Here is my login-conf.xml:
===snip===
<application-policy name = "Ldap">

<login-module code = "org.jboss.security.auth.spi.LdapLoginModule"
flag = "required">
<module-option name = "java.naming.factory.inital">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name = "java.naming.provider.url">ldap://ldapserver</module-option>
<module-option name = "java.naming.security.authentication">simple</module-option>
<module-option name = "allowEmptyPasswords">false</module-option>
<module-option name = "java.naming.security.protocol">ssl</module-option>
===snip===

Other applications are using OpenLDAP with SSL and TLS, so it is not on the OpenLDAP server side. My guess is that since my OpenLDAP is self-signed, I have to generate a client certificate and put that -somewhere- in JBoss.

So, where should this client certificate go (if this is the problem), and how to point to it?
TIA!
-D

1. Re: SelfSigned OpenLDAP - how to setup JBoss for LDAP:SSL Lo

triathlon98 Feb 23, 2004 8:51 AM (in response to dhartford)

So, where should this client certificate go (if this is the problem), and how to point to it?

Put in in your JDK in jre/lib/security/cacerts

The dsk contains a "keytool" utility which can be used for this. Alternatively, IBM also has a GUI "keyman" program in DeveloperWorks somewhere.

Joachim
Actions
2. Re: SelfSigned OpenLDAP - how to setup JBoss for LDAP:SSL Lo

dhartford Feb 23, 2004 3:07 PM (in response to dhartford)

That was it! Thanks Joachim!
Actions

Go to original post