Hello,

My LDAP server requires a TLS certificate and I can consult it using TLS from the server:

    ldapsearch -x -ZZ -LLL -b dc=ind,dc=edu 'uid=test' cn

I have followed the instructions at http://lsc-project.org/wiki/documentation/2.0/howtos/ssltls:

    To enable TLS on the LDAP connection, set the following node in lsc.xml:

    <connection>
      <.../>
      <tlsActivated>false</tlsActivated>
    </connection>

    Replace “dst” with “src” above if necessary.

But these instructions look wrong. Where are the dst and src to change? And it is supposed to be true instead of false.

Even so, I have changed my lsc.xml to:

    <tlsActivated>true</tlsActivated>

And imported the cacert.pem:

    keytool -import -file cacert.pem -keystore /root/scripts/lsc-2.0.2/etc/ldapcert

Updated the lsc script to this:

    "${JAVA_COMMAND}" -cp $CLASSPATH \
        -Djavax.net.ssl.trustStore=/root/scripts/lsc-2.0.2/etc/ldapcert \
        -Djavax.net.ssl.trustStorePassword=xxxxx \
        org.lsc.Launcher $PARAMETERS

And the following error keeps showing up:

    Error opening the LDAP connection to the destination! (javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - TLS confidentiality required])

I have done these same steps importing the certificate into "/etc/ssl/certs/java/cacerts" and "/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts" without modifying the lsc script, but the same error appears.

Interestingly, if you change the parameter on Djavax.net.ssl.trustStore to any invalid file path, no error is reported; it looks like it is being ignored.

What am I missing?

Thanks
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users
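
Added example, not part of the original post and not LSC code: a stand-alone JNDI client that issues StartTLS and repeats the anonymous query from the post, so the JVM trust store can be tested separately from the LSC configuration. The class name `StartTlsCheck` and the default URL `ldap://ldap.example.org:389` are placeholders (assumptions); the base DN and filter are the ones from the post.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

// Added diagnostic, not LSC code. Run with the same -Djavax.net.ssl.trustStore
// and -Djavax.net.ssl.trustStorePassword options that the lsc script passes.
public class StartTlsCheck {
    public static void main(String[] args) throws Exception {
        // Placeholder URL (assumption): pass the real one as the first argument.
        String url = args.length > 0 ? args[0] : "ldap://ldap.example.org:389";
        System.out.println("trustStore = " + System.getProperty("javax.net.ssl.trustStore"));

        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);

        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            // StartTLS extended operation, the JNDI counterpart of ldapsearch -ZZ.
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // The handshake validates the server certificate against the trust
            // store; a missing CA or a host name mismatch fails here.
            SSLSession session = tls.negotiate();
            System.out.println("TLS up: " + session.getProtocol() + " / " + session.getCipherSuite());

            // Same anonymous query as the ldapsearch in the post.
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn"});
            NamingEnumeration<SearchResult> res = ctx.search("dc=ind,dc=edu", "(uid=test)", sc);
            while (res.hasMore()) {
                System.out.println(res.next().getAttributes().get("cn"));
            }
        } finally {
            if (tls != null) tls.close();
            ctx.close();
        }
    }
}
```

LDAP result code 13 is confidentialityRequired, which a server returns when it refuses an operation on a connection that is not protected. If this program completes the search while LSC still reports code 13, that suggests the trust store is usable and the LSC connection is not negotiating StartTLS.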