directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Configure LDAPS with 1x and 2x SSL on ApacheDS 2.0 M8
Date Sun, 25 Nov 2012 17:37:09 GMT
On Fri, Nov 23, 2012 at 12:01 AM, Nick Duan <nduan@dtechspace.com> wrote:

> Could someone share some info/hints on how to setup ApacheDS 2.0 with 1 way
> and 2 way SSL (LDAPS)?  I was able to run LDAPS in 1 way SSL with
> the server using ApacheStudio by enabling the default LDAPS settings on
> ApacheDS and using the server self-generated certs, but unable to configure
> the server using external certificates.   It seems there is a lack of doc on
> this topic.   I am particularly interested in finding answers to the
> following problems:
>
>
>
> 1.       I found the two LDAPS related attributes, ads-certificatePassword
> and ads-keystoreFile, under the node ou=config, ou=service,
> ou=ads-serviceid=ldapServer, but couldn't find any attribute that specifies
> the keystore password.   Would a keystore password be required in this case?
>

yes, it appears that ads-certificatePassword is used as keystore password
(looks like a bad config name)

> 2.       How to specify truststore file path and password, and cert id,
> etc.?  If to configure LDAPS using 2 way SSL (i.e. using client cert for
> authentication)
>

currently 2 way SSL is not supported (server accepts all client
certificates), can you raise a feature request in JIRA?
But prior to that it would help us if you can provide more details about
the use case.

> 3.       Where is the default self-signed certificate file/keystore
> generated by ApacheDS?
>
>

in the entry uid=admin,ou=system

>
> Any help and suggestions are highly appreciated.
>
>
>
> ND
>
>


-- 
Kiran Ayyagari
http://keydap.com
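
The keystore setup discussed in this message, as an added example that is not part of the original post or the ApacheDS project's own code: it converts an externally issued PKCS#12 bundle to a JKS keystore and writes the LDIF that sets `ads-keystoreFile` and `ads-certificatePassword`. Assumptions: the config entry DN shown (check it in your own `ou=config` partition), the file paths, port 10389, the OpenLDAP `ldapmodify` client, and using one password for both store and key because the page names only one password attribute.

```shell
#!/bin/sh
# Added example: paths, port and passwords below are constructed placeholders.

# Assumed DN of the LDAP server config entry in a default ApacheDS 2.0 instance.
LDAP_SERVER_DN='ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config'

# Convert an externally issued PKCS#12 bundle into a JKS keystore.
# Passwords are read from the environment (SRC_PASS, ADS_PASS) so they do not
# show up in the process list. Store and key password are set to the same value.
import_p12_to_jks() {
    p12=$1
    jks=$2
    keytool -importkeystore \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env SRC_PASS \
        -destkeystore "$jks" -deststoretype JKS \
        -deststorepass:env ADS_PASS -destkeypass:env ADS_PASS &&
    chmod 600 "$jks"   # the private key lives here; keep it owner-only
}

# Emit the LDIF that points the server at the keystore.
# Note: the password is stored in clear text in the config entry, so the
# config partition on disk needs the same protection as the keystore.
keystore_ldif() {
    jks=$1
    pass=$2
    cat <<EOF
dn: $LDAP_SERVER_DN
changetype: modify
replace: ads-keystoreFile
ads-keystoreFile: $jks
-
replace: ads-certificatePassword
ads-certificatePassword: $pass
EOF
}

# Typical use (not executed here):
#   SRC_PASS=... ADS_PASS=... import_p12_to_jks server.p12 /var/lib/apacheds/ads.jks
#   keystore_ldif /var/lib/apacheds/ads.jks "$ADS_PASS" |
#       ldapmodify -H ldap://localhost:10389 -D uid=admin,ou=system -W
```

As the reply states, this version accepts all client certificates, so the keystore only authenticates the server to clients; access control still has to rest on the LDAP bind.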
