[ https://issues.apache.org/jira/browse/GERONIMO-3812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566134#action_12566134 ]
Sakari Maaranen commented on GERONIMO-3812:
-------------------------------------------
I solved the problem that was caused by missing configuration of trusted
certificate authorities with the LDAP security realm.

First, using Geronimo keystore tools, I created a new keystore and a private
key in it. I signed it using Geronimo CA. Lastly, I added my Geronimo CA
certificate as a trusted certificate in the same keystore. I copied that
keystore to ApacheDS and configured LDAPS with that.

The "original" copy of the same keystore still remains in the Geronimo
var/security/keystores/ directory.

Before starting Geronimo I did the following:

    JAVA_OPTS="-Djavax.net.ssl.trustStore=<geronimo-home>/var/security/keystores/<keystore-filename> -Djavax.net.ssl.trustStorePassword=<password>"
    export JAVA_OPTS
    cd <geronimo-home>
    bin/geronimo.sh start

Now I have fully configured ApacheDS 1.0.2 standalone LDAPS with Geronimo 2.0.2.

Not sure if using JAVA_OPTS is the best place for this configuration though.
Geronimo should have a way of setting the trusted certificate authorities
keystore from the web console.

> Geronimo 2.0.2 misses ApacheDS (LDAP) function
> ----------------------------------------------
>
> Key: GERONIMO-3812
> URL: https://issues.apache.org/jira/browse/GERONIMO-3812
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: documentation, Plugins
> Affects Versions: 2.0.2
> Environment: Debian Linux, java version "1.5.0_14",
> geronimo-tomcat6-jee5-2.0.2
> Reporter: Sakari Maaranen
>
> Geronimo documentation at
> http://cwiki.apache.org/GMOxDOC20/ldap-sample-application.html talks about
> org.apache.geronimo.configs/directory in system modules, but that does not
> exist in Geronimo 2.0.2.
> There is also a reference to Geronimo plugins. However, when I go to Plugins
> in the Geronimo console and search the geronimo-2.0.2 repository, there is
> nothing related to ApacheDS or Directory. As if the ApacheDS function was
> completely missing.
> The ApacheDS plugin should be added to the 2.0.2 plugin repository. The
> documentation should be updated to give the steps how to install ApacheDS
> with or without the plugin. The LDAP demo is useless if ApacheDS is
> unavailable.
> I found this much earlier discussion on the topic:
> http://www.mail-archive.com/[email protected]/msg52749.html
> http://www.mail-archive.com/[email protected]/msg55148.html
> Frankly, I don't think that the forward compatibility is so much an issue,
> but 2.0.2 completely lacking an LDAP server. Would be better to have it, even
> without forward compatibility.
--
This message is automatically generated by JIRA.
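
Added example, not part of the original comment and not Geronimo code: a preflight for the JAVA_OPTS step described in the comment above. It checks the keystore's file permissions and that it contains a trusted CA entry before the server is started. The function names, the script name preflight.sh and the TRUSTSTORE_PASS variable are assumptions; the paths and the two system properties are the ones from the comment.

```shell
#!/bin/sh
# Added example: preflight for the trust store handed to Geronimo via JAVA_OPTS.
# Function names and TRUSTSTORE_PASS are assumptions, not Geronimo conventions.

# Succeeds only if FILE is a regular file with no group/other permission bits.
# In the setup described above the same keystore also holds a private key,
# so it should be readable by the Geronimo user only.
check_store_perms() {
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 1; }
    bits=$(ls -ld "$1" | cut -c5-10)   # group and other rwx columns
    [ "$bits" = "------" ] || { echo "group/other access on $1 ($bits)" >&2; return 1; }
}

# Succeeds if the store lists at least one trusted CA certificate entry.
# Without one, the LDAPS handshake to ApacheDS cannot be validated.
has_trusted_ca() {
    keytool -list -keystore "$1" -storepass "$2" | grep -q trustedCertEntry
}

# Prints the two system properties used in the comment above.
trust_opts() {
    printf '%s %s\n' \
        "-Djavax.net.ssl.trustStore=$1" \
        "-Djavax.net.ssl.trustStorePassword=$2"
}

# Usage: TRUSTSTORE_PASS=... sh preflight.sh <geronimo-home> <keystore-filename>
if [ "$#" -eq 2 ]; then
    : "${TRUSTSTORE_PASS:?set TRUSTSTORE_PASS first}"
    store="$1/var/security/keystores/$2"
    check_store_perms "$store" || exit 1
    has_trusted_ca "$store" "$TRUSTSTORE_PASS" || {
        echo "no trustedCertEntry in $store" >&2; exit 1; }
    JAVA_OPTS=$(trust_opts "$store" "$TRUSTSTORE_PASS")
    export JAVA_OPTS
    cd "$1" && bin/geronimo.sh start
fi
```

The password still ends up in the java process arguments, exactly as with the hand-typed JAVA_OPTS.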