Welcome to the Virtual Iron Forums!
Here you'll find information to help you get the maximum value from your Virtual Iron software.
Topic Title: LDAPS for Active Directory?
Topic Summary: Will you support SSL for the ldap authentication connection?
Created On: 01/31/2007 02:42 PM
- jasonmartens, 01/31/2007 02:42 PM
- cbarclay, 01/31/2007 03:44 PM
- jasonmartens, 01/31/2007 03:51 PM
- cbarclay, 01/31/2007 03:54 PM
- jasonmartens, 01/31/2007 04:46 PM
- cbarclay, 02/02/2007 05:32 PM
01/31/2007 02:42 PM
I just set up the ldap authentication in VI 3.1, but it appears that you only support ldap, not ldaps (aka tls/ssl). That's a dealbreaker for me, because it seems like a bad idea to be sending unencrypted usernames and passwords across the network. Do you have plans to support ldaps?
01/31/2007 03:44 PM
Did you try to use ldaps://<host>/?
01/31/2007 03:51 PM
Yes, but I got the following error message, and assumed it wasn't implemented:
Caught during invoke method: java.io.EOFException
Possible Cause: java.io.EOFException
01/31/2007 03:54 PM
I'll have a look into this.
01/31/2007 04:46 PM
As a side note, I didn't configure a keystore, which might be part of the problem.
Also, it would be nice if you had some default values in there for active directory. I had to go find the search stuff in the admin documentation.
02/02/2007 05:32 PM
The lack of a keystore is likely the issue.
To enable ldaps, you need to export the ldap ssl certificate from the ldap server's keystore (see Windows instructions below), copy it to the mgmt server, and then import it into the mgmt server's java keystore.

The following command will import a certificate called myldapscert.cer. It assumes the current directory is /opt/VirtualIron/VirtualizationManager.

    ./jre/linux/bin/keytool -import -keystore ./jre/linux/lib/security/cacerts -alias myldapscert -file myldapscert.cer

When prompted for a password enter changeit. Then change the url in your ldap config to use ldaps instead of ldap and you are good to go.

1. Start > Programs > Administrative Tools > Certification Authority
2. Expand cert_name node in tree
3. Click Issued Certificates
4. Double click the cert to export
5. Click Details tab
6. Click Copy to File... button
7. Click Next button
8. Click DER encoded binary X.509 (.CER)
9. Click Next button
10. Enter File name: pick (this creates a file called pick.cer).
11. Click Next
12. Click Finish

Edited: 02/09/2007 at 05:51 PM by cbarclay
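Added example, not part of the original thread or of Virtual Iron's software: a pre-import check for the exported .cer file. Importing into cacerts makes the certificate a trust anchor for the management server's JVM, so the sketch confirms the copied file is one complete DER object and that its SHA-1 fingerprint matches a value obtained separately. It assumes that value is read from the Thumbprint field on the certificate's Details tab; all function names are hypothetical.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def to_der(raw):
    """Return DER bytes; also accepts a Base-64 (PEM) export."""
    m = PEM_RE.search(raw)
    return base64.b64decode(m.group(1)) if m else raw

def check_der_envelope(der):
    """Raise ValueError unless der is exactly one complete ASN.1 SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (wrong export format?)")
    first = der[1]
    if first < 0x80:                       # short-form length
        header, body = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported or truncated DER length")
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body != len(der):
        raise ValueError("length mismatch: truncated file or trailing data")

def fingerprint(der, algo="sha1"):
    """Colon-separated upper-case hex digest of the DER bytes."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def precheck(raw, expected_sha1):
    """Validate the export and compare its SHA-1 with the expected value.

    Returns the SHA-256 fingerprint on success, raises ValueError otherwise."""
    der = to_der(raw)
    check_der_envelope(der)
    got = fingerprint(der, "sha1")
    want = re.sub(r"[^0-9A-Fa-f]", "", expected_sha1).upper()
    if got.replace(":", "") != want:
        raise ValueError("fingerprint mismatch, do not import: " + got)
    return fingerprint(der, "sha256")

if __name__ == "__main__":
    # Constructed stand-in bytes with a valid DER envelope, not a real certificate.
    sample = b"\x30\x82\x01\x00" + bytes(256)
    print(precheck(sample, fingerprint(sample)))
```

keytool prints the certificate's fingerprints and asks for confirmation during -import, which gives a second chance to compare them before answering yes.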