Posted to users@servicemix.apache.org by Radomir Kadlec <ra...@aura.cz> on 2013/10/02 11:48:49 UTC
LDAP SSL connection not works
Hello,
we changed from the older apache-servicemix-4.4.1-fuse-07-11 to
apache-servicemix-4.5.2.
But the LDAP SSL connection does not work in apache-servicemix-4.5.2.
*The faultstring is:*
<faultstring>Unable to setup SSL support for LDAP: Unable to lookup
configured keystore and/or truststore</faultstring>
We use this *configuration for jaas:module*:
<jaas:module
className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
flags="sufficient">
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connection.username=${ldap.connection.username}
connection.password=${ldap.connection.password}
connection.protocol=
connection.url=${ldap.url}
user.base.dn=${ldap.user.base.dn}
user.filter=${ldap.user.filter}
user.search.subtree=true
role.base.dn=${ldap.role.base.dn}
role.name.attribute=${ldap.role.name.attribute}
role.filter=${ldap.role.filter}
role.search.subtree=false
authentication=simple
ssl.protocol=SSL
ssl.truststore=ldaptruststore
ssl.algorithm=PKIX
</jaas:module>
*While debugging we found two mistakes:*
1) In *OsgiKeystoreManager.checkForKeystoresAvailability* the loop can never
run, because timeout/1000 is never greater than 0.
2) When the timeout was changed to 2000 in the debugger, the OsgiKeystoreManager
enforces the presence of a *keyStore* before the truststore is checked.
Why? It was not like that - only the truststore was sufficient.
And in the Karaf documentation the SSL LDAP connection is also configured
with only a truststore, without a keystore. See
http://karaf.apache.org/manual/latest-2.3.x/developers-guide/security-framework.html
Mr. Jean-Baptiste Onofré fixed something in Karaf 2.2.11, but this does not
help, because changing the timeout from 0 to 10 does not change the behaviour. See
https://issues.apache.org/jira/browse/KARAF-2237
What is wrong with ldaps?
Is there a solution?
Thanks
Radomir