Authenticating against LDAP using certificate
paquerette
Oct 10th, 2007, 10:35 AM
Hi,
I have to authenticate against an LDAP server with a certificate rather than user/pwd.
I guess I need to change the URL to ldaps://server:636, but where should I put the certificate?
How can I do that with LDAP Template? I didn't find anything about this in the documentation.
Note that I don't need this LDAP to authenticate my web application user, but I need to connect to it with a specific user to make updates.
Regards,
Paquerette.
rasky
Oct 11th, 2007, 12:38 AM
In the general case you'll just need to tell Java where to find the certificate, and the underlying SSL mechanism will take care of the details. This is configured using System properties:
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword
In many cases the keyStore and the trustStore will be the same, but both of them will often need to be configured anyway.
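An added example (not code from the thread or from Spring LDAP) showing the four system properties above used for a certificate-authenticated LDAPS bind through plain JNDI. The file paths, the `changeit` password and the `server` host are placeholders, and it assumes the directory server is configured to map the TLS client certificate to a user entry (SASL EXTERNAL).

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapsClientCertExample {
    // Placeholders: replace with your own stores; keep real passwords out of source.
    static final String KEY_STORE = "/path/to/client-keystore.jks";  // client cert + private key
    static final String TRUST_STORE = "/path/to/truststore.jks";     // CA chain of the server cert
    static final String PASSWORD = "changeit";

    // Client authentication needs a private key entry; a keystore holding
    // only certificates (trusted entries) cannot prove the client's identity.
    static boolean hasPrivateKeyEntry(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(KEY_STORE)) {
            ks.load(in, PASSWORD.toCharArray());
        }
        if (!hasPrivateKeyEntry(ks)) {
            throw new IllegalStateException("No private key entry in " + KEY_STORE);
        }
        // Must be set before the JVM opens its first TLS connection.
        System.setProperty("javax.net.ssl.keyStore", KEY_STORE);
        System.setProperty("javax.net.ssl.keyStorePassword", PASSWORD);
        System.setProperty("javax.net.ssl.trustStore", TRUST_STORE);
        System.setProperty("javax.net.ssl.trustStorePassword", PASSWORD);

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://server:636");
        // SASL EXTERNAL: the server derives the bind identity from the TLS client certificate.
        env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
        DirContext ctx = new InitialDirContext(env);
        try {
            System.out.println("Bound to " + ctx.getEnvironment().get(Context.PROVIDER_URL));
        } finally {
            ctx.close();
        }
    }
}
```

The same properties can be passed as `-D` options on the JVM command line instead of being set in code.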
paquerette
Oct 11th, 2007, 07:18 AM
Hi,
Thanks for the info!
I was planning to use stunnel to solve the issue, as I'm really willing to use spring-ldap.
Do you have any tutorial on this? I'll google the subject right now, but if you have something it could save me some precious time ;)
Anyway, I'll post what I've found to share with the community.
Thanks again,
Paquerette
paquerette
Oct 11th, 2007, 11:47 AM
There's a post about it:
http://forum.springframework.org/showthread.php?t=28717
But I'm really lost with the keystore thing.
I use Sun One Directory 5.2 SP6.
I've requested a new certificate from the managed certificate console,
I sent it to my client, who signed it with its CA chain, and the client returned me the signed LDAP server certificate and the 2 certificates involved in the CA chain that signed the server certificate.
That's one thing.
The other thing is that the LDAP directory is filled with test data and I've a user defined that I should use to connect to LDAP with my java app.
This user has an attribute:
userCertificate;binary:: (... certificate ...)
So I guess, on the Java side I need to do something with this certificate to authenticate with the server. But shouldn't this certificate be somehow related to the server's certificate? It existed before we imported the server certificate....
I really don't know what to do with this cert.
paquerette