For creating trusted connections to LDAP you need to do the following:

1. Generate a test certificate using the Java tools that come with the JDK.
2. Import this certificate in your AD.
2. Now you need to add this certificate (private key) to your truststore from where you will run the LDAP client. This is your CloudStack system; the directory should be visible to the management server.

    keytool -import -file test.cer -alias test -keystore trusted.ks -storepass secret

3. The certificate is now in the trust store trusted.ks. Combined with the storepass you can instruct the LDAP client (JNDI) to make an SSL connection to LDAP.

Sadhu, can you add more as you have worked on AD?

-abhi

On Wed, Jul 31, 2013 at 3:26 PM, Ian Duffy <i...@ianduffy.ie> wrote:
> So far I installed the "Active Directory Certificate Services"
>
> Confirmed Domain Controller authentication was present in both
> Certificate Templates and CA -> Certificate templates.
>
> I created a new cert in MMC under personal, exported this and used
> keytool to create a keystore
>
> keytool -import -file ldapcert.der -keystore ldap.truststore
>
> Is this all that is required?
>
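
A way to check the result of the steps in this thread, as an added example that is not code from either poster or from CloudStack: it confirms the alias in trusted.ks is a trusted certificate entry that is currently valid, then opens an LDAPS connection through JNDI using that store. The file name, alias and storepass are the ones from the keytool command above; the host name dc1.example.com, port 636 and the class name LdapsTrustCheck are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        String storePath = "trusted.ks";             // keystore from the thread
        char[] storePass = "secret".toCharArray();   // storepass from the thread
        String alias = "test";                       // alias from the thread
        String url = "ldaps://dc1.example.com:636";  // assumed domain controller

        // Load the store and make sure the alias holds a certificate only.
        // A trust store needs the server's (or CA's) certificate, not a key entry.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(storePath)) {
            ks.load(in, storePass);
        }
        if (!ks.isCertificateEntry(alias)) {
            throw new IllegalStateException(alias + " is not a trusted certificate entry");
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("Trusting: " + cert.getSubjectX500Principal());

        // Point the default JSSE trust manager at this store before any TLS use.
        System.setProperty("javax.net.ssl.trustStore", storePath);
        System.setProperty("javax.net.ssl.trustStorePassword", new String(storePass));

        // An ldaps:// URL makes the JNDI LDAP provider negotiate TLS on connect.
        // Recent JDKs also require the URL host name to match the certificate.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "none"); // anonymous, handshake test only

        // The constructor connects; an untrusted certificate surfaces here as a
        // CommunicationException caused by an SSLHandshakeException.
        DirContext ctx = new InitialDirContext(env);
        try {
            System.out.println("TLS connection established to " + url);
        } finally {
            ctx.close();
        }
    }
}
```

If the handshake fails, running with -Djavax.net.debug=ssl:handshake shows which certificate chain the domain controller presented.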