In order to connect to the LDAP server over SSL (LDAPS) perform the following steps:
The default password for the JVM TrustStore is “changeit”, and you should change it to a new password:
Code Block language bash theme RDark Keytool -storepasswd -keystore /app/java/jre/lib/security/cacerts Enter keystore password: <old password> New keystore password: <new password> Re-enter new keystore password: <new password>Import the LDAP / CA certificate to the JVM trustStore. You can either import a self signed certificate, or the CA certificate that signed the LDAP certificate.
Change the LDAP URL in both UI application server and DPOD system parameters (via DPOD Console)Code Block language bash theme RDark Keytool -import -v -noprompt -trustcacerts -file <certificate file location > -keystore /app/java/jre/lib/security/cacerts -storepass <key store password>Edit server.xml to use the SSL port (The default SSL port for Active directory is 686). todo:hk montier-ui
Code Block language bash theme RDark vi /app/ui/MonTier-UI/conf/server.xmland then
Code Block language bash theme RDark <Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldaps://<LDAP Server Host>:686" alternateURL="ldaps://<LDAP Server Host>:389" referrals="ignore" connectionName="CN=...,OU=...,DC=..."- Change LDAP Connection URL in DPOD's Web Console to use LDAPS. Use the SSL port (The default for Active directory for Global catalog is 3269).
example : ldaps://ldap-server:3269
- Make sure you use ldaps:// prefix and SSL ports in the LDAP configuration script properties file.
Restart the DPOD Console
DPOD Console must be restarted so LDAP configuration becomes effective.
| Code Block | ||||
|---|---|---|---|---|
| ||||
stop_services.sh -o ui
start_services.sh -o ui |