Last Post 09/26/2017 5:16 PM by  kshields
LDAPBIND using ldaps protocol
kshields
09/26/2017 12:23 PM

    We have done ldapbinds using the ldap protocol, but one client would like to implement it with the ldaps protocol. Looking at the command structure, it appears the -W, -P, and -U options come into play, but I'm not sure how to set those up. Does anyone have experience with ldaps?

    Attached is the command structure for GENDIR/bin/ldapbind.




    Carl.Seay
    09/26/2017 1:08 PM
    I don't recall the ldapbind command being any different, but you do have to import the AD SSL certs into the Java trust stores, including the Root CA.
    kshields
    09/26/2017 1:37 PM
    So that would be the LSF WebSphere CellDefaultTrustStore, I presume. And just import the cert chain into Signer Certificates, correct? And do you specify any particular -U value?
    Kwane McNeal
    09/26/2017 4:59 PM
    I don't think WebSphere has anything to do with binding (unless something has changed recently), as WebSphere doesn't directly make the call to the external authentication provider. It would be whatever cert store LSF (specifically lase) is using.
    kshields
    09/26/2017 5:16 PM
    Thanks Kwane - that matches what another installer told me as well. He said he retrieves the cert into WebSphere's key store and then exports it from there and imports it into JAVA_HOME\jdk\jre\lib\security\cacerts using keytool.exe. That must be what lase uses.
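
The keytool import described in the last post, as an added example that is not part of the original thread or of Lawson's own tooling: it backs up cacerts, shows each certificate's fingerprint for comparison with the CA's published value, imports the chain, and confirms each alias is present. The certificate file paths, aliases, keytool.exe location and the CACERTS_PASS variable name are assumptions; only the cacerts path comes from the thread.

```powershell
# Added example: import an AD LDAPS CA chain into the JRE cacerts store.
$ErrorActionPreference = 'Stop'

$cacerts = Join-Path $env:JAVA_HOME 'jdk\jre\lib\security\cacerts'  # path from the thread
$keytool = Join-Path $env:JAVA_HOME 'jdk\bin\keytool.exe'           # assumed location

# Constructed alias -> file map (hypothetical names): root CA first, then issuing CA.
$chain = [ordered]@{
    'example-ad-root-ca'    = 'C:\certs\ad-root-ca.cer'
    'example-ad-issuing-ca' = 'C:\certs\ad-issuing-ca.cer'
}

# Keep a timestamped copy so the original trust store can be restored.
Copy-Item $cacerts "$cacerts.$(Get-Date -Format yyyyMMddHHmmss).bak"

# Read the store password without echo and pass it to keytool through an
# environment variable, so it does not appear in the process command line.
$secure = Read-Host 'cacerts store password' -AsSecureString
$env:CACERTS_PASS = [System.Net.NetworkCredential]::new('', $secure).Password
$pw = @('-storepass:env', 'CACERTS_PASS')

try {
    foreach ($alias in $chain.Keys) {
        $file = $chain[$alias]

        # Print subject, issuer, validity and fingerprints before trusting the file.
        & $keytool -printcert -file $file
        if ((Read-Host "Trust $file as '$alias'? (y/n)") -ne 'y') { continue }

        & $keytool -importcert -noprompt -trustcacerts -alias $alias `
            -file $file -keystore $cacerts @pw
        if ($LASTEXITCODE -ne 0) { throw "keytool import failed for $alias" }

        # Confirm the entry is now in the store.
        & $keytool -list -alias $alias -keystore $cacerts @pw
        if ($LASTEXITCODE -ne 0) { throw "alias $alias not found after import" }
    }
}
finally {
    # Remove the password from the session environment.
    Remove-Item Env:\CACERTS_PASS -ErrorAction SilentlyContinue
}
```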