[ http://jira.xwiki.org/jira/browse/XWIKI-865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Mortagne reopened XWIKI-865:
-----------------------------------

> add support for LDAP over SSL (ldaps)
> -------------------------------------
>
>                 Key: XWIKI-865
>                 URL: http://jira.xwiki.org/jira/browse/XWIKI-865
>             Project: XWiki Core
>          Issue Type: Improvement
>          Components: Plugin - Other
>    Affects Versions: 1.1 M3
>            Reporter: Philippe Marzouk
>         Assigned To: Thomas Mortagne
>            Priority: Minor
>         Attachments: xwiki-ldap-ssl.patch
>
>
> This patch adds support for SSL connections to the ldap server. To activate
> the SSL layer, I added a new configuration parameter in xwiki.cfg
> (xwiki.authentication.ldap.ssl) which has to be set to 1. Of course the ldap
> port has to be changed too (to 636).
>
> In order for the SSL connection to be established, the CA certificate which
> delivered the SSL certificate of the ldap server must be added to the trust
> store of the JSSE extension.
>
> From the Sun JSSE documentation:
>
> The search order for locating the trust store is:
> 1) <java-home>/lib/security/jssecacerts, then
> 2) <java-home>/lib/security/cacerts
>
> If the file jssecacerts exists, then cacerts is not consulted.
>
> So in order to make it work you have to create a trust store named
> jssecacerts with the following command and place it in the suitable directory
> of the JRE or JDK used by your container:
>
> keytool -import -trustcacerts -alias ca -file cacert.crt -keystore jssecacerts
>
> (answer yes when asked if you want to trust the certificate)
>
> I read on the web the default password for cacerts is 'changeit' so I used
> that, I didn't try yet with another password for the trust store.
>
> I believe if the SSL certificate of the ldap server is self-signed you need
> to import it instead of the CA but I did not try.
>
> The patch makes use of com.sun.net.ssl.internal.ssl.Provider as the
> hard-coded security provider, it should maybe be put as a parameter for people
> not running Sun JVMs.

--
This message is automatically generated by JIRA.
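The trust store search order quoted in the issue, as an added shell check that is not part of the original message or the attached patch: it reports which file JSSE would load by default for a given Java home, and whether the imported CA alias is in it. The function names are hypothetical, the `jre/` subdirectory lookup is an assumption about JDK 8 and older layouts, and `changeit` is the default password the message mentions.

```shell
# Added example: find the trust store JSSE consults by default.
# Search order from the issue text: jssecacerts first, then cacerts;
# when jssecacerts exists, cacerts is not read at all.

# security_dir JAVA_HOME -> prints the lib/security directory.
# Assumption: JDK 8 and older keep the JRE under $JAVA_HOME/jre.
security_dir() {
    if [ -d "$1/jre/lib/security" ]; then
        printf '%s\n' "$1/jre/lib/security"
    elif [ -d "$1/lib/security" ]; then
        printf '%s\n' "$1/lib/security"
    else
        return 1
    fi
}

# effective_truststore JAVA_HOME -> prints the file JSSE loads by default.
effective_truststore() {
    dir=$(security_dir "$1") || { echo "no lib/security under $1" >&2; return 1; }
    if [ -f "$dir/jssecacerts" ]; then
        printf '%s\n' "$dir/jssecacerts"
    elif [ -f "$dir/cacerts" ]; then
        printf '%s\n' "$dir/cacerts"
    else
        echo "no trust store in $dir" >&2
        return 1
    fi
}

# has_alias STORE ALIAS [STOREPASS] -> succeeds if ALIAS is in STORE.
has_alias() {
    keytool -list -keystore "$1" -storepass "${3:-changeit}" \
        -alias "$2" >/dev/null 2>&1
}

# Report for the JVM the container runs on; alias "ca" matches the
# keytool -import command in the issue.
if [ -n "${JAVA_HOME:-}" ] && store=$(effective_truststore "$JAVA_HOME"); then
    echo "JSSE trust store: $store"
    if has_alias "$store" ca; then
        echo "alias 'ca' present"
    else
        echo "alias 'ca' not found (or keytool unavailable)"
    fi
fi
```

Run it with `JAVA_HOME` set to the JRE or JDK the servlet container actually uses; a CA imported into `cacerts` has no effect while a `jssecacerts` file sits beside it.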