roller-user mailing list archives

From David Koelmeyer <d.koelme...@auckland.ac.nz>
Subject Roller with secure LDAP
Date Sun, 08 Feb 2009 00:59:42 GMT
Hi All,

I've been flailing around for a while trying to get Roller 4.0 to
use a secure connection to an OpenDS 1.2.0 RC2 server
for LDAP, so that credentials passed to LDAP (e.g. the admin
bind account) are encrypted.

What I've done so far:

- changed to port 636 for my LDAP provider in Roller's security.xml file

- exported what I believe to be the OpenDS self-signed
certificate (generated when I specified SSL when running OpenDS
setup) from OpenDS and imported it into /usr/java/jre/lib/security/cacerts
on the machine Roller is running on

- did the same as above and imported it into my Glassfish domain at
/opt/glassfish/domains/domain1/config/cacerts.jks

I used keytool -list -keystore on both of the above stores, and the cert
is visible. Solaris 10 x86 is my OS on all machines.


I can't get this to work; Roller refuses to accept my LDAP
credentials, and in the OpenDS access log I simply see:

CONNECT conn=9 from=192.168.221.76:44284 to=192.168.4.64:636 protocol=LDAP+TLS
DISCONNECT conn=9 reason="I/O Error"

Flicking the port back to 389 in Roller security.xml works fine.

The LDAP server does successfully accept connections on port 636,
as using JXplorer I can connect using the same admin DN as specified
in security.xml, and the cert information when prompted by JXplorer appears
identical.

I don't know much about this, so does anyone have some tips or leads? I
figured I could just import the LDAP server cert into whatever truststore
Roller uses and have it work, but this is probably naivete on my part. I'm not
even sure what truststore Roller does use.

Cheers :)
Dave
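The symptom in the post (the LDAP server logs CONNECT on 636 and then DISCONNECT with "I/O Error", while port 389 works and JXplorer on 636 works) is what a failed TLS handshake looks like from the server side: the client opened the socket and then gave up during the handshake, which is what a JVM does when the certificate the server presents is not in the truststore it is actually consulting. Before hunting further it is worth proving, outside Roller, that the certificate OpenDS sends on 636 is byte-for-byte the one sitting in each candidate truststore. The script below is an added example from the editor, not code from the original post, Roller, OpenDS or GlassFish. It assumes `openssl` and `keytool` are on PATH, that the truststore password is the JDK default `changeit` unless `STOREPASS` is set, and that the host, port and store paths are supplied by the caller; the functions that do not touch the network can be exercised on any PEM certificate files.

```shell
#!/bin/sh
# Added example (not from the original post): compare the certificate an
# LDAPS listener actually presents with what a JSSE truststore contains.
# Assumptions: openssl and keytool are on PATH; truststore password is the
# JDK default "changeit" unless STOREPASS is set; host/port/store paths are
# illustrative arguments supplied by the caller.

# Print the SHA-1 fingerprint (AA:BB:...) of the first certificate in a PEM file.
# Works with both "SHA1 Fingerprint=" (OpenSSL 1.x) and "sha1 Fingerprint=" (3.x).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//'
}

# True when two PEM files carry the same certificate.
fingerprints_match() {
    [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# Save the leaf certificate presented on HOST:PORT (e.g. the LDAPS listener
# on 636) as PEM. Fails if no TLS handshake completes at all.
fetch_server_cert() {
    host=$1; port=$2; out=$3
    openssl s_client -connect "$host:$port" -showcerts </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$out"
}

# True when a JKS truststore contains a certificate with this SHA-1 fingerprint.
# keytool -list -v prints "SHA1: AA:BB:..." under "Certificate fingerprints:".
truststore_has_fingerprint() {
    store=$1; pass=$2; fp=$3
    keytool -list -v -keystore "$store" -storepass "$pass" 2>/dev/null | grep -Fq "$fp"
}

# End-to-end check: fetch what the server sends, then look for it in each store.
# Usage: check_ldaps_trust HOST PORT STORE [STORE...]
# Exit 0 when every store holds the presented cert, 1 when any store lacks it,
# 2 when the server did not complete a TLS handshake with openssl either.
check_ldaps_trust() {
    host=$1; port=$2; shift 2
    pem=$(mktemp)
    if ! fetch_server_cert "$host" "$port" "$pem"; then
        echo "no TLS handshake with $host:$port" >&2
        rm -f "$pem"
        return 2
    fi
    fp=$(cert_fingerprint "$pem")
    echo "server $host:$port presents SHA1 $fp"
    rc=0
    for store in "$@"; do
        if truststore_has_fingerprint "$store" "${STOREPASS:-changeit}" "$fp"; then
            echo "  present in $store"
        else
            echo "  MISSING from $store"
            rc=1
        fi
    done
    rm -f "$pem"
    return $rc
}

# Run the full check only when invoked with arguments, e.g.
#   sh ldaps_trust.sh ldap.example.test 636 /opt/glassfish/domains/domain1/config/cacerts.jks
[ "$#" -lt 3 ] || check_ldaps_trust "$@"
```

Two points this makes concrete for the situation in the post. First, a JVM consults exactly one truststore: the file named by the `javax.net.ssl.trustStore` system property if it is set, otherwise `jssecacerts` and then `cacerts` under the JRE's `lib/security`. GlassFish sets that property in the domain's JVM options, so for a web application deployed in it the domain's `config/cacerts.jks` is the store that matters and the JRE-wide `cacerts` is not consulted; checking both stores with the script above shows which one the presented certificate is really in. Second, if the fingerprint is present in the right store and the handshake still fails, start the domain with `-Djavax.net.debug=ssl` added to its JVM options; the JSSE trace names the exact handshake step and the reason the JVM rejected the connection, which the server-side "I/O Error" never will.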

