on 04-24-2013 9:25 PM
Hi there,
Does anyone have a decent guide for setting up LDAP access to IDM? At this point, I'll take any LDAP, but would prefer Active Directory. I also don't care what kind of CA is being used (Linux or Windows). Just want to master this particular skill.
Thanks,
Matt
Hi Matt,
Just to clarify: you want an Active Directory to get access _to_ IdM using the LDAP protocol? I think you should use VDS for that, but beyond this I have no clue.
In case you want IdM to connect to Active Directory using SSL, I have some steps to follow (not a real guide though):
1. SSL is already configured on MS-AD, you know the port (usually 636)
2. Change the LDAP_PORT in the repository
3. Example: InitialLoad Job - ReadFromLDAP Pass - Tab Source: Change Security Option to "SSL"
4. Import the certificate used; for this I like the tool "InstallCert.java" supplied by SUN, you can find it here: http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java
4.1 Compile the .java: javac.exe InstallCert.java
4.2 Run it: java InstallCert dc-host.domain.ext:636
4.3 Ignore the StackTrace (if any) and select the certificate
4.4 In the directory where you executed InstallCert you'll find a file jssecacerts
4.5 In IdM-MMC, check the Path to java, e.g. c:\jre6\bin\java.exe
4.6 Copy jssecacerts to c:\jre6\lib\security
5. InitialLoad - ReadFromLDAP-Pass works with SSL now (at least it did for me)
Hope this helps already
BR
Michael
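The fetch-and-import part of Michael's steps 4.2 to 4.4, written out as an added Java example (this is my code, not InstallCert and not from this thread); the host, the port and the "changeit" default truststore password are assumptions:

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example, not from the thread: capture the certificate an AD domain controller
// presents on its LDAPS port and store it in a jssecacerts truststore, in the spirit
// of InstallCert. Usage: java FetchLdapsCert dc-host.domain.ext 636
public class FetchLdapsCert {
    // Records the presented chain instead of validating it, so the handshake gets far
    // enough for the certificates to be captured. Only for this one-off fetch.
    static class SavingTrustManager implements X509TrustManager {
        X509Certificate[] chain;
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        public void checkClientTrusted(X509Certificate[] c, String a) {}
        public void checkServerTrusted(X509Certificate[] c, String a) { chain = c; }
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        char[] pw = "changeit".toCharArray(); // default password of the JRE truststore (assumption)

        SavingTrustManager tm = new SavingTrustManager();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
        }
        if (tm.chain == null) throw new IOException("no certificate chain received");

        // Print each certificate with its SHA-256 fingerprint; compare the fingerprint
        // with what the AD team publishes before copying jssecacerts into the JRE.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (X509Certificate c : tm.chain) {
            StringBuilder fp = new StringBuilder();
            for (byte b : sha256.digest(c.getEncoded())) fp.append(String.format("%02X:", b));
            System.out.println(c.getSubjectX500Principal() + "  SHA-256 " + fp);
        }

        // Store the server certificate (chain[0]) in a fresh JKS file named jssecacerts,
        // which the JRE consults instead of lib/security/cacerts when it is present.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, pw);
        ks.setCertificateEntry(host + "-ldaps", tm.chain[0]);
        try (OutputStream out = new FileOutputStream("jssecacerts")) { ks.store(out, pw); }
    }
}
```

Because a jssecacerts file replaces cacerts rather than extending it, load the JRE's existing cacerts into `ks` first if that JRE must also keep trusting other CAs.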
It should. However, there is one big caveat - the settings in AD security. The above should work fine for default installations. If they've hardened it in any way, it becomes more problematic. It might require your server to have certificates created using the same root CA etc. (or even more mucking about...).
Hopefully the AD team has left it alone or at least documented it.
Peter
Hi Matt
Could you fight your way through?
Just curious...
BR
Michael
Matt,
It should work for a To or From LDAP pass. In the security guide, there is a section on this. However, Michael has provided more elaborate steps.
"7.4.1.2 Connecting to an LDAP server over SSL"
Cheers,
Murali