2 Replies Latest reply on Feb 23, 2004 3:07 PM by darren hartford

    SelfSigned OpenLDAP - how to setup JBoss for LDAP:SSL Login-

    darren hartford Expert

      Hey all,
      I have been using OpenLDAP for authentication for some time (since 3.0.x), but I have never been able to get SSL/TLS to work correctly when trying to authenticate against my OpenLDAP install.

      Here is my login-conf.xml:
      ===snip===
      <application-policy name = "Ldap">

      <login-module code = "org.jboss.security.auth.spi.LdapLoginModule"
      flag = "required">
      <module-option name = "java.naming.factory.inital">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name = "java.naming.provider.url">ldap://ldapserver</module-option>
      <module-option name = "java.naming.security.authentication">simple</module-option>
      <module-option name = "allowEmptyPasswords">false</module-option>
      <module-option name = "java.naming.security.protocol">ssl</module-option>
      ===snip===

      Other applications are using OpenLDAP with SSL and TLS, so it is not on the OpenLDAP server side. My guess is that since my OpenLDAP is self-signed, I have to generate a client certificate and put that -somewhere- in JBoss.

      So, where should this client certificate go (if this is the problem), and how to point to it?
      TIA!
      -D