IdP for Username/Password Authentication LDAPS (with AD) issues
Youssef GHORBAL
youssef.ghorbal at pasteur.fr
Wed Mar 23 06:02:01 EDT 2016
> On 23 Mar 2016, at 10:55, Peter Schober <peter.schober at univie.ac.at> wrote:
>
> * Youssef GHORBAL <youssef.ghorbal at pasteur.fr> [2016-03-23 10:30]:
>> The OpenLDAP had a certificate signed by a public CA. The AD not.
>
> Do you mean it's self-signed or signed by a non-public CA?

The AD certificate is signed by a non-public CA.

> * Youssef GHORBAL <youssef.ghorbal at pasteur.fr> [2016-03-23 10:30]:
>> The documentation says that you can do it either way:
>>
>> 1 - add the CA to the keystore with the keytool
>> 2 - use the sslSocketFactory to point to the exact PEM file you need to validate the certificate chain. That’s what I’m trying to do.
>>
>> => I may be misunderstanding the documentation here, maybe you have to do both, but it’s unlikely.
>
> I'm not sure either way, did you try whether doing both fixes the
> issue?

That’s what I’ll test today.

Thank you for your assistance!

Youssef