IdP for Username/Password Authentication LDAPS (with AD) issues

Youssef GHORBAL youssef.ghorbal at pasteur.fr
Wed Mar 23 06:02:01 EDT 2016


> On 23 Mar 2016, at 10:55, Peter Schober <peter.schober at univie.ac.at> wrote:
> 
> * Youssef  GHORBAL <youssef.ghorbal at pasteur.fr> [2016-03-23 10:30]:
>> The OpenLDAP had a certificate signed by a public CA. The AD did not.
> 
> Do you mean it's self-signed or signed by a non-public CA?

The AD certificate is signed by a non-public CA.

> * Youssef  GHORBAL <youssef.ghorbal at pasteur.fr> [2016-03-23 10:30]:
>> The documentation says that you can do it either way:
>> 
>> 1 - add the CA to the keystore with the keytool
>> 2 - use the sslSocketFactory to point to the exact PEM file you need to validate the certificate chain. That’s what I’m trying to do.
>> 
>> => I may be misunderstanding the documentation here, maybe you have to do both, but it’s unlikely.
> 
> I'm not sure either way, did you try whether doing both fixes the
> issue?

That’s what I’ll test today.

Thank you for your assistance!

Youssef


