Thanks a lot for all your responses. I am sorry to hear that client authentication using X.509 cert isn't implemented in Apache DS. Is there any plan to implement this in future releases? Could someone perhaps point out which class/package in ApacheDS is responsible for handling the SSL connection?
Thanks!

ND

-----Original Message-----
From: ayyagariki...@gmail.com [mailto:ayyagariki...@gmail.com] On Behalf Of Kiran Ayyagari
Sent: Sunday, November 25, 2012 12:37 PM
To: users@directory.apache.org
Subject: Re: Configure LDAPS with 1x and 2x SSL on ApacheDS 2.0 M8

On Fri, Nov 23, 2012 at 12:01 AM, Nick Duan <nd...@dtechspace.com> wrote:

> Could someone share some info/hints on how to set up ApacheDS 2.0 with 1
> way and 2 way SSL (LDAPS)? I was able to enable to run LDAPS in 1 way
> SSL with the server using ApacheStudio by enabling the default LDAPS
> settings on ApacheDS and using the server self-generated certs, but unable to configure
> the server using external certificates. It seems there is a lack of doc on
> this topic. I am particularly interested in finding answers to the
> following problems:
>
> 1. I found the two LDAPS related attributes, ads-certificatePassword
> and ads-keystoreFile, under the node ou=config, ou=service,
> ou=ads-serviceid=ldapServer, but couldn't find any attribute that specifies
> the keystore password. Would a keystore password be required in this case?
>

yes, it appears that ads-certificatePassword is used as keystore
password (looks like a bad config name)

> 2. How to specify truststore file path and password, and cert id,
> etc.? If to configure LDAPS using 2 way SSL (i.e. using client cert
> for authentication)
>

currently 2 way SSL is not supported (server accepts all client certificates), can you raise a feature request in JIRA? But prior to that it would help us if you can provide more details about the use case.

> 3. Where is the default self-signed certificate file/keystore
> generated by ApacheDS?
>

in the entry uid=admin,ou=system

> Any help and suggestions are highly appreciated.
>
> ND

--
Kiran Ayyagari
http://keydap.com
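
An added illustration of the answer to question 1, not part of the thread and not the ApacheDS project's own configuration: an LDIF change that points the LDAP server at an external keystore using the two attributes named above. The entry DN is an assumption about the ApacheDS 2.0 configuration partition layout, and the keystore path and password are constructed placeholders.

```ldif
# Added example with constructed values.
# Assumption: DN of the LDAP server entry in the ApacheDS 2.0 config partition.
# ads-keystoreFile: placeholder path to a keystore holding the server key and certificate.
# ads-certificatePassword: per the reply above, this is used as the keystore password.
dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
changetype: modify
replace: ads-keystoreFile
ads-keystoreFile: /path/to/external-keystore.jks
-
replace: ads-certificatePassword
ads-certificatePassword: CHANGE_ME_PLACEHOLDER
-
```

Because the keystore password is held as an ordinary attribute value in the configuration, read access to the configuration partition and its backing files should be limited to the account that runs the server.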