Hello! I didn't find how to give directly to XWiki the keystore password in xwiki.cfg or somewhere else. I used the Tomcat Java options: -Djavax.net.ssl.keyStore=/path-to-jks -Djavax.net.ssl.keyStorePassword=<secret>. Without this workaround, XWiki did not send the client certificate required by the LDAP server.
See http://jira.xwiki.org/browse/XWIKI-5674 and http://jira.xwiki.org/browse/XWIKI-9319.

Thank you for the discussion.

Claude Lepère

On Tue, Mar 4, 2014 at 1:51 PM, Pascal BASTIEN <pbasnews-xw...@yahoo.fr> wrote:

> Hello,
>
> I didn't modify my catalina.sh because I indicate my keystore file in my
> ./webapps/xwiki_5.4.1/WEB-INF/xwiki.cfg file
> #-# The keystore file to use in SSL connection
> xwiki.authentication.ldap.ssl.keystore=/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/jssecacerts
>
> Pascal B
>
> ________________________________
> From: claude lepere <claudelep...@gmail.com>
> To: users@xwiki.org
> Sent:
> Subject: Re: [xwiki-users] XWiki and LDAP TLS binding
>
> Hi all!
>
> Our LDAP server also requires the client's certificate
> (olcTLSVerifyClient = demand).
> As we are in Java on client side, we have to use a Java keystore (jks)
> containing the cert and the corresponding private key of the client
> (=XWiki).
> The way we found to give this info is in the Tomcat conf file
> /etc/default/tomcat7 adding -Djavax.net.ssl.keyStore=/path-to-jks
> -Djavax.net.ssl.keyStorePassword=changeit to JAVA_OPTS.
> Do you know other ways?
>
> Thank you for your answer. Claude Lepère
>
> On Sat, Mar 1, 2014 at 12:15 PM, PascalB [via XWiki] <
> ml-node+s475771n7589382...@n2.nabble.com> wrote:
>
> > Hello,
> >
> > I used this method to authenticate on my LDAP TLS:SSL:
> >
> > http://jira.xwiki.org/browse/XWIKI-865
> >
> > Pascal B
> >
> > ________________________________
> > From: Claude Lepère <[hidden email]>
> > To: [hidden email]
> > Sent: Friday, 21 February 2014, 12:53
> > Subject: [xwiki-users] XWiki and LDAP TLS binding
> >
> > Hi!
> >
> > Does XWiki support LDAP TLS binding (that means a ldap connection on port
> > 389 and not a SSL ldaps connection on port 686) with both server and
> > client (= XWiki) certificates? If so, how to set up that feature?
> > Many thanks for your response.
> >
> > Claude Lepère
> > _______________________________________________
> > users mailing list
> > [hidden email]
> > http://lists.xwiki.org/mailman/listinfo/users
>
> --
> View this message in context:
> http://xwiki.475771.n2.nabble.com/XWiki-and-LDAP-TLS-binding-tp7589243p7589401.html
> Sent from the XWiki - Users mailing list archive at Nabble.com.