[midPoint] LDAP connector SSL

Jason Everling jeverling at bshp.edu
Tue Nov 17 19:11:41 CET 2015


I would try and import your LDAP Certs or LDAP CA Certs into the
midpoint.home/keystore.jceks keystore. I had to put all our CA certs into
this file and also Google's mail CA certs so that notifications would go
out. The default password for the keystore is in your config.xml file.

JASON

On Tue, Nov 17, 2015 at 12:07 PM, Devin Rosenbauer <devin at identityworksllc.com> wrote:

> Hey all,
>
> I'm working on deploying a demo LDAP connector to an OpenDJ LDAP instance.
> I've got everything set up and working great in non-SSL mode. When I switch
> the connection security configuration property to "ssl", the connection
> times out every time, with this root cause stack trace:
>
> Caused by: org.apache.directory.api.ldap.model.exception.LdapException:
> TimeOut occurred
>         at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4138)
> ~[api-all-1.0.0-M31-e1.jar:1.0.0-M31-e1]
>         at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1287)
> ~[api-all-1.0.0-M31-e1.jar:1.0.0-M31-e1]
>         at
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1185)
> ~[api-all-1.0.0-M31-e1.jar:1.0.0-M31-e1]
>         at
> com.evolveum.polygon.connector.ldap.LdapConnector.bind(LdapConnector.java:1030)
> ~[connector-ldap-1.4.1.23.jar:na]
>
> After looking through the code, I'm guessing that the SSL filter is
> attempting to prompt the non-existent keyboard user to accept or deny the
> certificate. I've imported the cert as a trusted certificate into the Java
> cacerts file, but I'm not sure that that's what the LDAP connector is using.
>
> Any suggestions?
>
>
>
> --
> Devin Rosenbauer
> Principal Consultant
> Identity Works LLC
> +1 585 210 3201

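The import suggested in the reply above, as an added example that is not part of the original thread: it reads the keystore password from config.xml and adds an LDAP CA certificate to midpoint.home/keystore.jceks with `keytool`. The function names, the alias and the `<keyStorePassword>` element name are assumptions; check them against your own config.xml.

```shell
#!/bin/sh
# Added example: import an LDAP CA certificate into midPoint's JCEKS keystore.
# Assumption: config.xml stores the password in a <keyStorePassword> element.

# Print the keystore password found in the given config.xml.
keystore_password_from_config() {
    sed -n 's:.*<keyStorePassword>\(.*\)</keyStorePassword>.*:\1:p' "$1" | head -n 1
}

# import_ldap_ca MIDPOINT_HOME CERT_PEM ALIAS
# Returns 0 on success, 2 on bad input, keytool's exit status otherwise.
import_ldap_ca() {
    mp_home=$1
    cert=$2
    cert_alias=$3
    keystore="$mp_home/keystore.jceks"

    [ -f "$keystore" ] || { echo "no keystore at $keystore" >&2; return 2; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "$cert is not a PEM certificate" >&2; return 2; }

    KS_PASS=$(keystore_password_from_config "$mp_home/config.xml")
    [ -n "$KS_PASS" ] || { echo "no keystore password in config.xml" >&2; return 2; }
    export KS_PASS

    # -storepass:env keeps the password out of the process argument list.
    keytool -importcert -noprompt -trustcacerts -alias "$cert_alias" \
        -file "$cert" -keystore "$keystore" -storetype jceks \
        -storepass:env KS_PASS || return

    # List the new entry so its fingerprint can be compared with the one
    # obtained from the CA through a separate channel.
    keytool -list -alias "$cert_alias" -keystore "$keystore" \
        -storetype jceks -storepass:env KS_PASS
}

# Run only when called with arguments, e.g.:
#   sh import-ldap-ca.sh /path/to/midpoint.home ldap-ca.pem ldap-ca
if [ "$#" -eq 3 ]; then
    import_ldap_ca "$1" "$2" "$3"
fi
```

Because `-noprompt` skips keytool's interactive trust question, compare the fingerprint printed by the final `keytool -list` with the expected one before relying on the connection.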