Active Directory ldaps authentication
Michael O Holstein
michael.holstein at csuohio.edu
Mon Aug 3 12:38:18 EDT 2015
Try this:
keytool -import -file /my/ad.crt -trustcacerts -alias myad -keystore $JAVA_HOME/jre/lib/security/cacerts
Michael Holstein
Cleveland State University
________________________________________
From: users <users-bounces at shibboleth.net> on behalf of Mr. Christopher Bland <chris at fdu.edu>
Sent: Monday, August 3, 2015 12:11 PM
To: Shib Users
Cc: Mr. Danovan Delray Golding
Subject: Active Directory ldaps authentication
Hi All,
I am sure someone has figured this out but I seem to be missing something. We are in the process of converting to an AD server for authentication. I can do regular unencrypted auth no problem so I know my config is ok. I can also do ldapsearch using ldaps by ignoring the cert using "TLS_REQCERT never". I keep getting "PKIX path building failed". I know from previous posts it is a problem with tracing my cert back to a CA. I have tried sslSocketFactory="{trustCertificates=file:path_to_AD_CA_cert}" in my login.config file. I also tried adding the cert to my IDP keystore. Neither have worked for me. When I use openssl to get the AD ldap server cert I noticed that it is the CA cert. The subject is blank and the issuer is my AD CA server.
Do I need a different cert? Am I missing something in my config?
Thank you in advance,
-Chris
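The checks a defender would run before (and after) the keytool import in the reply, as an added example that is not code from either message on this page. It rebuilds the situation in the question offline: a throwaway "enterprise CA" and a domain-controller LDAPS certificate issued by it are generated with openssl, so everything below runs without an AD server. The CN ad.example.internal, the file names, the second "unrelated" CA, the alias myad and the throwaway truststore path are all constructed; the only real-world pieces are the openssl and keytool commands themselves.

```shell
#!/bin/sh
# Added example, not from the thread.  Requires openssl; keytool is optional
# and only used if it is on PATH.  All names and files below are constructed.
set -e

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
CA_CRT="$WORK/ad-ca.crt";       CA_KEY="$WORK/ad-ca.key"
OTHER_CRT="$WORK/other-ca.crt"; OTHER_KEY="$WORK/other-ca.key"
SRV_CRT="$WORK/ad-ldaps.crt";   SRV_KEY="$WORK/ad-ldaps.key"

# Constructed stand-in for the domain's CA (self-signed) and for an unrelated CA.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example AD CA" \
  -keyout "$CA_KEY" -out "$CA_CRT" >/dev/null 2>&1
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
  -keyout "$OTHER_KEY" -out "$OTHER_CRT" >/dev/null 2>&1

# Constructed stand-in for the domain controller's LDAPS certificate, issued by the CA.
openssl req -newkey rsa:2048 -nodes -subj "/CN=ad.example.internal" \
  -keyout "$SRV_KEY" -out "$WORK/ad-ldaps.csr" >/dev/null 2>&1
openssl x509 -req -in "$WORK/ad-ldaps.csr" -CA "$CA_CRT" -CAkey "$CA_KEY" \
  -CAcreateserial -days 1 -out "$SRV_CRT" >/dev/null 2>&1

# Tells a CA certificate (subject equals issuer) from a server certificate
# (subject is the host, issuer is the CA).  Prints "self-signed" or "issued".
cert_role() {  # $1 = PEM file
  subj="$(openssl x509 -in "$1" -noout -subject)"
  iss="$(openssl x509 -in "$1" -noout -issuer)"
  if [ "${subj#subject=}" = "${iss#issuer=}" ]; then
    echo self-signed
  else
    echo issued
  fi
}

# The check behind "PKIX path building failed": does the server certificate
# actually chain to the CA file you are about to trust?  Prints "ok" or "fail".
verify_against() {  # $1 = CA file, $2 = server certificate
  if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
    echo ok
  else
    echo fail
  fi
}

# Against a real domain controller this shows the certificate the server
# presents (not run here; needs network access).  Its issuer line names the
# CA certificate you need to import, which is what verify_against then checks.
fetch_server_cert() {  # $1 = host, $2 = port (636 for LDAPS)
  openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null |
    openssl x509 -noout -subject -issuer
}

# The import from the reply, pointed at a throwaway keystore instead of the
# JVM's cacerts.  For the real one use -keystore $JAVA_HOME/jre/lib/security/cacerts
# (its default password is changeit).  Prints "imported" or why it was skipped.
import_ca_into_truststore() {  # $1 = CA file, $2 = keystore path
  if ! command -v keytool >/dev/null 2>&1; then
    echo "keytool not on PATH; skipped"
    return 0
  fi
  keytool -importcert -noprompt -trustcacerts -alias myad -file "$1" \
    -keystore "$2" -storepass changeit >/dev/null 2>&1
  keytool -list -alias myad -keystore "$2" -storepass changeit >/dev/null 2>&1 \
    && echo imported || echo import-failed
}

echo "ad-ca.crt    : $(cert_role "$CA_CRT")"
echo "ad-ldaps.crt : $(cert_role "$SRV_CRT")"
echo "verify with the issuing CA  : $(verify_against "$CA_CRT" "$SRV_CRT")"
echo "verify with an unrelated CA : $(verify_against "$OTHER_CRT" "$SRV_CRT")"
echo "truststore import           : $(import_ca_into_truststore "$CA_CRT" "$WORK/truststore.jks")"
```

The point of the two verify lines is the diagnosis: Java reports "PKIX path building failed" whenever the certificate the server presents does not chain to anything in the truststore, so if `openssl verify -CAfile` with the file you imported does not say OK, the import was of the wrong certificate, not of the wrong keystore. Against your own domain controller, run `fetch_server_cert your-dc 636` and compare its issuer with the subject of the file you are importing before touching cacerts.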