topic Re: LDAP + StartTls in Alfresco Archive

LDAP + StartTls

nancygaillard — Tue, 21 Jul 2015 15:34:04 GMT

Hello,I am using Alfresco 4.2.e on Windows Server 2008 R2.I intent to configure LDAP authentication on Alfresco so that the users of my Windows AD could log on Alfresco.My problem is the use of a certificate with StartTls encryption method. Anybody of my AD can log on Alfresco, and I haven't found i

Re: LDAP + StartTls

nancygaillard — Tue, 28 Jul 2015 13:38:00 GMT

I have downloaded Apache 2.2 and used it like a front-end proxy in HTTPS. I supposed that I could authenticate but I can't.
the result is I can see the authentication page (in the first case too) but when I try to log in it provokes the same error…

Does somebody know if it is normal I can't authenticate using a front-end Apache in HTTPS?

#edit

The certificate of Apache and the one of the LDAP are different.

Re: LDAP + StartTls

nancygaillard — Wed, 05 Aug 2015 20:31:47 GMT

With the LDP Windows command, I have seen that the connection is really in SSL, and a user have to authenticate itself with SASL. So, I check connexion to the server and user authentications with Apache Directory, openssl s_client, and with SSLPoke.

I succeed log LDAP user with this configuration :

I updated only these lines of ldap-ad-authentication.properties like this :
<blockcode>
ldap.authentication.java.naming.provider.url=ldaps://SERVER.DOMAIN.local:636
ldap.synchronization.java.naming.security.principal=Alfresco
</blockcode>

I remove the line I have added in Java options of the tomcat service

I added the certificate in the C:\Alfresco\al_data\keystore\ssl.trustore with this command :


C:\Alfresco\java\bin\keytool -import -storetype JCEKS -file C:\Users\al_semsamar\Documents\se-certificate.der -alias server.domain.se.local -keystore C:\Alfresco\alf_data\keystore\ssl.truststore
‍‍‍

and I restarted Alfresco, and it works!

Thank you