[midPoint] LDAP connector SSL

Pálos Gustáv gustav.palos at gmail.com
Tue Nov 17 22:54:32 CET 2015


Hi,

You can take inspiration from:
https://wiki.evolveum.com/pages/viewpage.action?pageId=15859743

Gusto

2015-11-17 19:11 GMT+01:00 Jason Everling <jeverling at bshp.edu>:

> I would try and import your LDAP Certs or LDAP CA Certs into the
> midpoint.home/keystore.jceks keystore. I had to put all our CA certs into
> this file and also Google's mail ca certs so that notifications would go
> out. The default password for the keystore is in your config.xml file.
>
> JASON
>
> On Tue, Nov 17, 2015 at 12:07 PM, Devin Rosenbauer <
> devin at identityworksllc.com> wrote:
>
>> Hey all,
>>
>> I'm working on deploying a demo LDAP connector to an OpenDJ LDAP
>> instance. I've got everything set up and working great in non-SSL mode.
>> When I switch the connection security configuration property to "ssl", the
>> connection times out every time, with this root cause stack trace:
>>
>> Caused by: org.apache.directory.api.ldap.model.exception.LdapException:
>> TimeOut occurred
>>         at
>> org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4138)
>> ~[api-all-1.0.0-M31-e1.jar:1.0.0-M31-e1]
>>         at
>> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1287)
>> ~[api-all-1.0.0-M31-e1.jar:1.0.0-M31-e1]
>>         at
>> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1185)
>> ~[api-all-1.0.0-M31-e1.jar:1.0.0-M31-e1]
>>         at
>> com.evolveum.polygon.connector.ldap.LdapConnector.bind(LdapConnector.java:1030)
>> ~[connector-ldap-1.4.1.23.jar:na]
>>
>> After looking through the code, I'm guessing that the SSL filter is
>> attempting to prompt the non-existent keyboard user to accept or deny the
>> certificate. I've imported the cert as a trusted certificate into the Java
>> cacerts file, but I'm not sure that that's what the LDAP connector is using.
>>
>> Any suggestions?
>>
>>
>>
>> --
>> Devin Rosenbauer
>> Principal Consultant
>> Identity Works LLC
>> +1 585 210 3201
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>


-- 
Best regards

Gustáv Pálos