Topic Title: LDAPS for Active Directory?
Topic Summary: Will you support SSL for the ldap authentication connection?
Created On: 01/31/2007 02:42 PM
 01/31/2007 02:42 PM


jasonmartens
New User

Posts: 4
Joined: 01/29/2007

I just set up the ldap authentication in VI 3.1, but it appears that you only support ldap, not ldaps (aka tls/ssl). That's a dealbreaker for me, because it seems like a bad idea to be sending unencrypted usernames and passwords across the network. Do you have plans to support ldaps?
 01/31/2007 03:44 PM


cbarclay
Fellow

Posts: 216
Joined: 04/28/2006

Did you try to use ldaps://<host>/?
 01/31/2007 03:51 PM


jasonmartens
New User

Posts: 4
Joined: 01/29/2007

Yes, but I got the following error message, and assumed it wasn't implemented:

Caught during invoke method: java.io.EOFException
Possible Cause: java.io.EOFException
 01/31/2007 03:54 PM


cbarclay
Fellow

Posts: 216
Joined: 04/28/2006

I'll have a look into this.
 01/31/2007 04:46 PM


jasonmartens
New User

Posts: 4
Joined: 01/29/2007

As a side note, I didn't configure a keystore, which might be part of the problem. Also, it would be nice if you had some default values in there for Active Directory. I had to go find the search stuff in the admin documentation.
 02/02/2007 05:32 PM


cbarclay
Fellow

Posts: 216
Joined: 04/28/2006

The lack of a keystore is likely the issue.

To enable ldaps, you need to export the ldap ssl certificate from the ldap server's keystore (see Windows instructions below), copy it to the mgmt server, and then import it into the mgmt server's java keystore.

The following command will import a certificate called myldapscert.cer. It assumes the current directory is /opt/VirtualIron/VirtualizationManager.

./jre/linux/bin/keytool -import -keystore ./jre/linux/lib/security/cacerts -alias myldapscert -file myldapscert.cer

When prompted for a password enter changeit.

Then change the url in your ldap config to use ldaps instead of ldap and you are good to go.

1. Start > Programs > Administrative Tools > Certification Authority
2. Expand cert_name node in tree
3. Click Issued Certificates
4. Double click the cert to export
5. Click Details tab
6. Click Copy to File... button
7. Click Next button
8. Click DER encoded binary X.509 (.CER)
9. Click Next button
10. Enter File name: pick (this creates a file called pick.cer).
11. Click Next
12. Click Finish

Edited: 02/09/2007 at 05:51 PM by cbarclay
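
An added example, not part of the original thread and not Virtual Iron's own code: a wrapper around the keytool import from the post above that only adds the certificate to cacerts when its SHA-1 fingerprint matches the value read from the certificate on the CA. The function names and the expected-fingerprint argument are assumptions for illustration; the paths, alias and store password are the ones given in the post.

```shell
#!/bin/sh
# Added example. Run from /opt/VirtualIron/VirtualizationManager, as in the post.
# Usage: sh import-ldaps-cert.sh myldapscert.cer myldapscert '<expected SHA-1>'
KEYTOOL=${KEYTOOL:-./jre/linux/bin/keytool}
CACERTS=${CACERTS:-./jre/linux/lib/security/cacerts}
STOREPASS=changeit   # password quoted in the post

# Normalise a fingerprint so that 'ab cd ef', 'AB:CD:EF' and 'abcdef' compare
# equal (the Windows certificate Details tab shows the thumbprint with spaces).
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr '[:lower:]' '[:upper:]'
}

# Read `keytool -printcert` output on stdin and print the fingerprint for the
# algorithm label given as $1 (e.g. SHA1), as found on lines like "  SHA1: AA:BB".
extract_fp() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# import_if_trusted CERT_FILE ALIAS EXPECTED_FP
# EXPECTED_FP must come from the CA itself (out of band), not from the copied file.
import_if_trusted() {
  cert=$1; alias=$2; expected=$3
  actual=$("$KEYTOOL" -printcert -file "$cert" | extract_fp SHA1)
  if [ -z "$actual" ] ||
     [ "$(normalize_fp "$actual")" != "$(normalize_fp "$expected")" ]; then
    echo "fingerprint mismatch for $cert: not importing" >&2
    return 1
  fi
  # -noprompt is acceptable here because the fingerprint was just checked.
  "$KEYTOOL" -import -noprompt -keystore "$CACERTS" -storepass "$STOREPASS" \
             -alias "$alias" -file "$cert" &&
  # Confirm the entry now exists in the management server's trust store.
  "$KEYTOOL" -list -keystore "$CACERTS" -storepass "$STOREPASS" -alias "$alias"
}

if [ "$#" -eq 3 ]; then
  import_if_trusted "$@"
fi
```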