Re: [Studio] Apache Directory Studio not able to authenticate using GSSAPI (Kerberos)

[Ali, Saqib]

Emmanuel,

Here is the Java version:

$ java -version
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)








On Thu, Sep 29, 2016 at 10:41 PM, Emmanuel Lécharny  wrote:
> Le 30/09/16 à 00:38, Ali, Saqib a écrit :
>> I have a Ubuntu machine that is configured SSSD for Authentication to
>> Active Directory Kerberos Domain.
>>
>> The Kerberos setup works well on this machine. No issues accessing AD
>> protected File Shares.
>>
>> However when I try to configure Apache Directory Studio to use GSSAPI
>> (Kerberos) to connect to the Active Directory LDAP port (636), I get
>> the following exception:
>
> What JVM are you using (and which version) ?
>

Embedded LDAP server with TLS enabled

[Stéphane THIBAUDEAU]

Hello,

I'm trying to create an embedded LdapServer for testing purposes.

I managed to launch a server which can be accessed in plain and TLS mode 
with the code below.


public void startServer() throws Exception {
server = new LdapServer();
int serverPort = 10390;
TcpTransport transports = new TcpTransport(serverPort);
// transports.setEnableSSL(true);

server.setTransports(transports);
server.setDirectoryService(service);
server.setKeystoreFile("C:/path/to/server.ks");
server.setCertificatePassword("secret");
StartTlsHandler handler = new StartTlsHandler();
server.addExtendedOperationHandler(handler);

server.start();
System.out.println("Server started");
}

My problem is that my keystore does not seem to be taken into account.
When I connect with TLS on Apache Directory Studio I can display the 
received certificate and it looks like an apache one.


How could I set my own keystore ?
And is there a way to have a server with both LDAPS and TLS enabled ?

Cheers,
Stephane.