LDAP + SSL

Question asked by binerf on Feb 13, 2012
Latest reply on Jul 16, 2012 by ashwini
Hello,

I'm trying to configure Alfresco's (4.0b) authentication against an OpenLDAP service.
This OpenLDAP server listens on port 636 with SSL.
So, I've configured ldap-authentication.properties by adding:

ldap.authentication.java.naming.provider.url=ldaps://ldap_server:636

I've added the LDAP SSL certificate to the keystore file:
/opt/alfresco-4.0.b/java/bin/keytool -import -alias ldap_server -keystore /etc/java/keystore -file certificate.crt
Then I'm prompted for a password.
I typed "changeit".

Then I've modified /opt/alfresco-4.0.b/tomcat/scripts/ctl.sh:

     export JAVA_OPTS="-XX:MaxPermSize=512m -Xms128m -Xmx768m -Dalfresco.home=/opt/alfresco-4.0.b -Dcom.sun.management.jmxremote -Dsun.security.ssl.allowUnsafeRenegotiation=true -Djavax.net.ssl.trustStore=/etc/java/keystore"
but I still get an error when I try to log in to the Alfresco web interface.

On the LDAP server side, we got this error:
closed (TLS negotiation failure)

So, I assume that my Alfresco is able to contact the LDAP server but gets an error when it tries to open a TLS connection.

What am I doing wrong, please?

Thank you in advance for your help.
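
Added example, not part of the original post and not Alfresco code: a standalone Java probe that lists what the configured trust store contains and then attempts the same LDAPS handshake outside Tomcat, so the JSSE exception behind "TLS negotiation failure" becomes visible. The class name LdapsTrustProbe and the default host and port are assumptions taken from the values in the post.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example; LdapsTrustProbe is a hypothetical name. Run with the ctl.sh trust store option:
//   java -Djavax.net.ssl.trustStore=/etc/java/keystore LdapsTrustProbe ldap_server 636
public class LdapsTrustProbe {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "ldap_server"; // default is an assumption
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        // 1. List the certificates this JVM has been told to trust.
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null) {
            System.out.println("javax.net.ssl.trustStore is not set; the JRE default trust store applies");
        } else {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream in = new FileInputStream(path);
            try {
                ks.load(in, null); // null password: entries are read without an integrity check
            } finally {
                in.close();
            }
            for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
                String alias = e.nextElement();
                Certificate c = ks.getCertificate(alias);
                if (c instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.println(alias + " | " + x.getSubjectX500Principal() + " | expires " + x.getNotAfter());
                }
            }
        }
        // 2. Handshake through the default factory, which honours the trustStore property.
        SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(host, port);
        try {
            s.startHandshake(); // throws SSLHandshakeException (or another IOException) naming the cause
            X509Certificate peer = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("Handshake OK, protocol " + s.getSession().getProtocol());
            System.out.println("Server subject: " + peer.getSubjectX500Principal());
            System.out.println("Server issuer:  " + peer.getIssuerX500Principal());
        } finally {
            s.close();
        }
    }
}
```

Adding -Djavax.net.debug=ssl,handshake to the same command line prints the full JSSE handshake trace if the exception message alone is not enough.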