Enable TLS
Marc Boorshtein edited this page Aug 12, 2016 · 2 revisions
- Get either the CA certificate that signed the certificate used by your directory, or the directory's own certificate. Prefer the CA certificate: trusting the issuing CA keeps working when the directory's certificate is renewed, whereas trusting the server certificate itself means re-importing it every time that certificate is replaced.
- Create a keystore for the certificate
- Add the keystore as the trust store for MyVD
- Configure the LDAP insert to use LDAPS
keytool reads both PEM (Base64) and binary DER/CER files, so the same command works for either. Assuming the certificate is in PEM format:
$ keytool -import -keystore /path/to/myvd/conf/myvd-server.ks -alias mycert -file /path/to/cert.pem -trustcacerts
Or if the certificate is a cer or der file:
$ keytool -import -keystore /path/to/myvd/conf/myvd-server.ks -alias mycert -file /path/to/cert.cer -trustcacerts
Change the alias to something that describes the certificate (for example the CA's name). If the keystore does not exist yet, keytool creates it and asks you to choose a keystore password. When the certificate cannot be chained to something already trusted, keytool prints its fingerprint and asks "Trust this certificate?"; compare the fingerprint with the one your directory administrator gives you before answering yes. Afterwards, keytool's -list command shows the imported entry under the alias you chose.
Set the "type" parameter on your LDAP insert to ldaps and the port to 636 (or whichever port your directory serves LDAPS on). This matters because the insert sends the proxy bind password (proxyPass) and, with passBindOnly=true, every user's bind password to the directory; with type=ldap those credentials cross the network in clear text. The proxyPass value below is a placeholder, not a recommended password:
server.ad.chain=objmap,membertrans,LDAP
server.ad.nameSpace=o=ad
server.ad.weight=0
server.ad.objmap.className=net.sourceforge.myvd.inserts.mapping.AttributeValueMapper
server.ad.objmap.config.mapping=objectClass.posixAccount=user,objectClass.posixGroup=group
server.ad.membertrans.className=net.sourceforge.myvd.inserts.mapping.AttributeMapper
server.ad.membertrans.config.mapping=uniqueMember=member,uid=samAccountName
server.ad.LDAP.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.ad.LDAP.config.host=myserver.domain.com
server.ad.LDAP.config.port=636
server.ad.LDAP.config.remoteBase=DC=test,DC=mydomain,DC=com
server.ad.LDAP.config.proxyDN=CN=admin,DC=test,DC=mydomain,DC=com
server.ad.LDAP.config.proxyPass=manager
server.ad.LDAP.config.passBindOnly=true
server.ad.LDAP.config.ignoreRefs=true
server.ad.LDAP.config.type=ldaps
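The following is an added example, not code from the MyVD project: a small Python audit that parses the flat `server.<namespace>.<insert>...` properties shown on this page, finds every insert whose className is the LDAPInterceptor, and reports any that are not configured for LDAPS. The sample configuration inside it is constructed for the example and places a weak insert (type=ldap on port 389) next to a corrected one (type=ldaps on port 636). Treating a missing "type" as a finding rather than assuming a default is this example's choice, not documented MyVD behaviour.

```python
"""Audit a MyVD configuration for LDAP inserts that do not use LDAPS.

Added example, not part of MyVD. It understands only the flat
server.<namespace>.<insert>.config.<key>=<value> style used on this page.
"""
import re
from typing import Dict, List, Tuple

LDAP_INSERT_CLASS = "net.sourceforge.myvd.inserts.ldap.LDAPInterceptor"

# Constructed sample: "ad" is the weak setting, "ad_tls" is the corrected one.
SAMPLE_CONFIG = """
server.ad.chain=objmap,LDAP
server.ad.nameSpace=o=ad
server.ad.objmap.className=net.sourceforge.myvd.inserts.mapping.AttributeValueMapper
server.ad.LDAP.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.ad.LDAP.config.host=myserver.domain.com
server.ad.LDAP.config.port=389
server.ad.LDAP.config.type=ldap

server.ad_tls.chain=LDAP
server.ad_tls.nameSpace=o=adtls
server.ad_tls.LDAP.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.ad_tls.LDAP.config.host=myserver.domain.com
server.ad_tls.LDAP.config.port=636
server.ad_tls.LDAP.config.type=ldaps
"""


def parse_config(text: str) -> Dict[str, str]:
    """Turn key=value lines into a dict; blank lines and # comments are skipped."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def ldap_inserts(props: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (namespace, insert) pairs whose className is the LDAP interceptor."""
    found = []
    for key, value in props.items():
        m = re.fullmatch(r"server\.([^.]+)\.([^.]+)\.className", key)
        if m and value == LDAP_INSERT_CLASS:
            found.append((m.group(1), m.group(2)))
    return found


def audit(props: Dict[str, str]) -> List[str]:
    """One finding per LDAP insert that is not clearly using LDAPS."""
    findings = []
    for ns, ins in ldap_inserts(props):
        prefix = f"server.{ns}.{ins}.config."
        typ = props.get(prefix + "type", "").lower()
        port = props.get(prefix + "port", "")
        where = f"{ns}/{ins}"
        if typ != "ldaps":
            # Assumption of this example: an unset type is reported, not defaulted.
            findings.append(f"{where}: type={typ or '(unset)'}; set type=ldaps")
        elif port == "389":
            # LDAPS on the plaintext port is almost always a copy-paste mistake.
            findings.append(f"{where}: type=ldaps but port=389; use the LDAPS port (usually 636)")
    return findings


def audit_text(text: str) -> List[str]:
    return audit(parse_config(text))


if __name__ == "__main__":
    for line in audit_text(SAMPLE_CONFIG) or ["no findings"]:
        print(line)
```

Run it against a real file with `audit_text(open("/path/to/myvd.conf").read())`; an empty list means every LDAP insert is on LDAPS. It does not check that the trust store actually contains the directory's CA, so the keytool steps above still need to be verified separately.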