Hi Marc,
you have to add an SSL transport, which is an entry in config:
dn: ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
entryCSN: 20190314165427.339000Z#000000#000#000000
ads-transportid: ldaps
objectclass: ads-transport
objectclass: ads-tcpTransport
objectclass: ads-base
objectclass: top
createTimestamp: 20190314165427.340Z
ads-systemport: 10636
ads-transportaddress: 0.0.0.0
creatorsName: uid=admin,ou=system
ads-enabled: TRUE
entryUUID: 99eda43c-59c6-44ce-b44f-40d3a837190d
ads-transportenablessl: TRUE
entryParentId: 9aea45a3-9b01-4d81-8ae5-2ad3623b4a9d
I think that's all you need if you don't want to use a keyStore,
otherwise you have to add some attributes in the ldap server config file:
dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
Typically, ads-keystoreFile which is the path to the keystore, and
ads-certificatePassword which contains the keystore password (which is
misleading, because it has nothing to do with a certificate password...
That is going to change)
Hope it helps.
(all that from the top of my head)
On 01/04/2019 17:12, Marc Boorshtein wrote:
I've got my container working and I want to add TLS support. I found
a link in the docs for configuring an external keystore but it uses
the GUI. Looks like I need to edit the
ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
object? Before I start digging through schema is there a doc or
example ldif?
Thanks
Marc
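
Added example, not part of the original thread and not ApacheDS code: a small Python check that reads a config LDIF like the one quoted above (unfolding wrapped DNs) and reports which enabled transports have ads-transportenablessl set and whether the ldapServer entry carries ads-keystoreFile and ads-certificatePassword. The sample LDIF, the second "ldap" transport, the function names and the choice to treat a missing ads-enabled as disabled are assumptions made for the illustration.

```python
import re

# Constructed sample config LDIF (illustrative values); long DNs are folded as in real LDIF.
SAMPLE_LDIF = """\
dn: ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-d
 irectoryServiceId=default,ou=config
ads-transportid: ldaps
ads-systemport: 10636
ads-enabled: TRUE
ads-transportenablessl: TRUE

dn: ads-transportid=ldap,ou=transports,ads-serverId=ldapServer,ou=servers,ads-di
 rectoryServiceId=default,ou=config
ads-transportid: ldap
ads-systemport: 10389
ads-enabled: TRUE

dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-serverId: ldapServer
"""

def parse_ldif(text):
    """Return entries as dicts mapping lower-cased attribute names to value lists."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines (newline + space)
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_tls(entries):
    """Summarise the TLS-relevant settings of the transports and the server entry."""
    report = {"tls": [], "plain": [], "keystore": None, "password_in_config": False}
    for e in entries:
        first = lambda attr, default="": e.get(attr, [default])[0]
        # Assumption: only transports with an explicit ads-enabled: TRUE are counted.
        if "ads-transportid" in e and first("ads-enabled").upper() == "TRUE":
            ssl = first("ads-transportenablessl", "FALSE").upper() == "TRUE"
            report["tls" if ssl else "plain"].append(
                (first("ads-transportid"), int(first("ads-systemport", "0"))))
        elif first("dn").lower().startswith("ads-serverid="):
            report["keystore"] = e.get("ads-keystorefile", [None])[0]
            report["password_in_config"] = "ads-certificatepassword" in e
    return report
```
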