Connecting to LDAP secure?

Lauren Anderson

Mar 10, 2020, 2:28:54 PM
to uport...@apereo.org

Has anyone connected to Active Directory over an LDAPS connection with a digital certificate? We’re currently using uPortal 4. We have been using an LDAP port (ldap://servername:port) but are required to use a secure ldaps:// connection now. When I tried it I got an SSHHandshakeException. I have a certificate but I don’t know how to configure this. Do I need to modify the Spring LDAP context to handle SSL? Where do I import the certificate? I have no idea how to do this.

 

Lauren

 

Aaron Grant

Mar 10, 2020, 4:27:04 PM
to Lauren Anderson, uport...@apereo.org
We currently connect securely using OpenLDAP with uPortal 5; however, I think because of the GlobalSign certs we use, our implementation is a bit easier.

In the past, when we had different certificates, we had to put them in the cacerts keystore that uPortal's JVM used. We did it similar to this: http://roufid.com/java-ldap-ssl-authentication/ However, I haven't done this in a while, so there might be a better solution out there now.

Also I'm not sure how AD works, but OpenLDAP is 636 for LDAPS and 389 for LDAP, so make sure your OS and firewall appliances are letting that traffic through too. 

On Tue, Mar 10, 2020 at 2:28 PM Lauren Anderson <laur...@byu.edu> wrote:

Has anyone connected to Active Directory over an LDAPS connection with a digital certificate? We’re currently using uPortal 4. We have been using an LDAP port (ldap://servername:port) but are required to use a secure ldaps:// connection now. When I tried it I got an SSHHandshakeException. I have a certificate but I don’t know how to configure this. Do I need to modify the Spring LDAP context to handle SSL? Where do I import the certificate? I have no idea how to do this.

 

Lauren

 

--
Aaron Grant
Interim Director of Enterprise Systems 
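
As an added example that is not part of the original thread: a small Java check, run with the same JVM that runs uPortal, that reproduces the handshake outside the portal and reports whether that JVM's trust store accepts the LDAPS server's certificate. The class name `LdapsTrustCheck` and the `<alias>` and `<ca.pem>` placeholders are assumptions for illustration.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// Added example: tests whether this JVM's trust store accepts an LDAPS server's certificate.
public class LdapsTrustCheck {

    // Returns true when the TLS handshake (chain and host name validation) succeeds.
    static boolean handshakeOk(String host, int port) throws Exception {
        try (SSLSocket socket = (SSLSocket) SSLContext.getDefault()
                .getSocketFactory().createSocket(host, port)) {
            socket.setSoTimeout(10_000);
            // Ask JSSE to also match the certificate against the host name.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("LDAPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            for (Certificate c : socket.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("subject: " + x.getSubjectX500Principal());
                System.out.println("  issuer: " + x.getIssuerX500Principal());
            }
            return true;
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake failed: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java LdapsTrustCheck <host> <port>");
            System.exit(2);
        }
        // Usual cacerts location unless -Djavax.net.ssl.trustStore overrides it.
        String store = System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts");
        System.out.println("Trust store: " + store);
        if (!handshakeOk(args[0], Integer.parseInt(args[1]))) {
            // <alias> and <ca.pem> are placeholders for the directory's issuing CA.
            System.out.println("Import the issuing CA, then restart the JVM:");
            System.out.println("  keytool -importcert -alias <alias> -file <ca.pem> -keystore " + store);
            System.exit(1);
        }
        System.out.println("Handshake OK: the server certificate is trusted.");
    }
}
```
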

fayz

Feb 26, 2021, 6:50:14 PM
to uPortal Developers, asgrant, uport...@apereo.org
Hi,

I see you're using OpenLDAP with uPortal 5. Can you guide me on the configuration of uPortal to use an OpenLDAP server?