Posted to users@servicemix.apache.org by Radomir Kadlec <ra...@aura.cz> on 2013/10/02 11:48:49 UTC

LDAP SSL connection does not work

Hello,
we changed from the older apache-servicemix-4.4.1-fuse-07-11 to
apache-servicemix-4.5.2, but the LDAP SSL connection does not work in
apache-servicemix-4.5.2.

*The faultstring is:*
<faultstring>Unable to setup SSL support for LDAP: Unable to lookup
configured keystore and/or truststore</faultstring>

We use this *configuration for jaas:module*:
        <jaas:module 
            className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
            flags="sufficient">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connection.username=${ldap.connection.username}
            connection.password=${ldap.connection.password}
            connection.protocol=
            connection.url=${ldap.url}
            user.base.dn=${ldap.user.base.dn}
            user.filter=${ldap.user.filter}
            user.search.subtree=true
            role.base.dn=${ldap.role.base.dn}
            role.name.attribute=${ldap.role.name.attribute}
            role.filter=${ldap.role.filter}
            role.search.subtree=false
            authentication=simple
            ssl.protocol=SSL
            ssl.truststore=ldaptruststore
            ssl.algorithm=PKIX
        </jaas:module>

*In the debug we found two mistakes:*

1) In *OsgiKeystoreManager.checkForKeystoresAvailability* the loop can never
be entered, because timeout/1000 is never greater than 0.

2) When the timeout was changed to 2000 in the debugger, the OsgiKeystoreManager
enforces the presence of a *keyStore* before the truststore is checked.
Why? It was not so before: a truststore alone was sufficient.
And in the Karaf documentation the SSL LDAP connection is also configured
with only a truststore and no keystore. See
http://karaf.apache.org/manual/latest-2.3.x/developers-guide/security-framework.html

Mr. Jean-Baptiste Onofré fixed something in Karaf 2.2.11, but this does not
help, because changing the timeout from 0 to 10 does not change the behaviour. See
https://issues.apache.org/jira/browse/KARAF-2237

What is wrong with ldaps?
Is there a solution?

Thanks
Radomir
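
The `ssl.truststore=ldaptruststore` property in the configuration above refers to a KeystoreInstance service by name, so the realm only has something to look up if a keystore with that name is registered. The blueprint below is an added example, written by the editor, and is not code from the original post or from the Karaf project: it registers the truststore with a `jaas:keystore` element next to the realm that uses it. The LDAP host, bind DN, base DNs, filters, truststore path and password are assumed values, and the `ldaps://` URL is assumed to be what triggers the SSL setup, as in the post's own configuration. A truststore holding only the LDAP server's CA certificate is all that server-authenticated LDAPS needs; a keystore with a private key would only be required if the directory demanded a client certificate.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the original post or the Karaf project.
     Host, DNs, filters, truststore path and password are assumptions. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">

    <!-- Registers a KeystoreInstance service named "ldaptruststore".
         The JKS file should contain only the CA certificate(s) that
         signed the LDAP server certificate; no private key is needed
         unless the server requires client-certificate authentication. -->
    <jaas:keystore name="ldaptruststore"
                   path="file:///${karaf.home}/etc/ldap-truststore.jks"
                   keystorePassword="changeit" />

    <!-- A realm that authenticates against LDAPS and trusts the server
         through the truststore registered above. -->
    <jaas:config name="karaf" rank="2">
        <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                     flags="sufficient">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connection.url=ldaps://ldap.example.test:636
            connection.username=cn=karaf-bind,ou=services,dc=example,dc=test
            connection.password=bind-password
            user.base.dn=ou=people,dc=example,dc=test
            user.filter=(uid=%u)
            user.search.subtree=true
            role.base.dn=ou=groups,dc=example,dc=test
            role.name.attribute=cn
            role.filter=(member=%fqdn)
            role.search.subtree=false
            authentication=simple
            ssl.protocol=TLS
            ssl.truststore=ldaptruststore
            ssl.algorithm=PKIX
        </jaas:module>
    </jaas:config>

</blueprint>
```

`ssl.protocol` names the JSSE SSLContext; `TLS` is used here instead of the post's `SSL` because it is the protocol family the LDAPS server will actually negotiate, and `PKIX` keeps standard certificate-path validation against the truststore. The keystore password sits in clear text in the blueprint, so the file should be readable only by the account that runs the container.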