directory-users mailing list archives

From "Nick Duan" <nd...@dtechspace.com>
Subject RE: Configure LDAPS with 1x and 2x SSL on ApacheDS 2.0 M8
Date Mon, 26 Nov 2012 04:28:15 GMT
Thanks a lot for all your responses.   I am sorry to hear that client
authentication using X.509 cert isn't implemented in Apache DS.   Is there
any plan to implement this in future releases?   Could someone perhaps point
out which class/package in ApacheDS is responsible for handling the SSL
connection?

Thanks!

ND

-----Original Message-----
From: ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] On Behalf Of
Kiran Ayyagari
Sent: Sunday, November 25, 2012 12:37 PM
To: users@directory.apache.org
Subject: Re: Configure LDAPS with 1x and 2x SSL on ApacheDS 2.0 M8

On Fri, Nov 23, 2012 at 12:01 AM, Nick Duan <nduan@dtechspace.com> wrote:

> Could someone share some info/hints on how to set up ApacheDS 2.0 with 1
> way and 2 way SSL (LDAPS)?  I was able to enable to run LDAPS in 1 way
> SSL with the server using ApacheStudio by enabling the default LDAPS
> settings on ApacheDS and using the server self-generated certs, but unable
> to configure the server using external certificates.   It seems there is
> lack of doc on this topic.   I am particularly interested in finding
> answers to the following problems:
>
>
>
> 1.       I found the two LDAPS related attributes, ads-certificatePassword
> and ads-keystoreFile, under the node ou=config, ou=service,
> ou=ads-serviceid=ldapServer, but couldn't find any attribute that
> specifies the keystore password.   Would a keystore password be required
> in this case?
>

yes, it appears that ads-certificatePassword is used as keystore password
(looks like a bad config name)

> 2.       How to specify truststore file path and password, and cert id,
> etc.?  If to configure LDAPS using 2 way SSL (i.e. using client cert for
> authentication)
>

currently 2 way SSL is not supported (server accepts all client
certificates), can you raise a feature request in JIRA?
But prior to that it would help us if you can provide more details about the
use case.

> 3.       Where is the default self-signed certificate file/keystore
> generated by ApacheDS?
>

in the entry uid=admin,ou=system

>
> Any help and suggestions are highly appreciated.
>
>
>
> ND
>
>


--
Kiran Ayyagari
http://keydap.com

