Re: [xwiki-users] XWiki and LDAP TLS binding
Hello!

I didn't find how to give the keystore password directly to XWiki in xwiki.cfg or somewhere else. I used the Tomcat Java options:

    -Djavax.net.ssl.keyStore=/path-to-jks -Djavax.net.ssl.keyStorePassword=secret

Without this workaround, XWiki did not send the client certificate required by the LDAP server.

See http://jira.xwiki.org/browse/XWIKI-5674 and http://jira.xwiki.org/browse/XWIKI-9319.

Thank you for the discussion.

Claude Lepère

On Tue, Mar 4, 2014 at 1:51 PM, Pascal BASTIEN pbasnews-xw...@yahoo.fr wrote:

> Hello,
>
> I didn't modify my catalina.sh because I indicate my keystore file in my ./webapps/xwiki_5.4.1/WEB-INF/xwiki.cfg file
>
>     #-# The keystore file to use in SSL connection
>     xwiki.authentication.ldap.ssl.keystore=/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/jssecacerts
>
> Pascal B

Re: [xwiki-users] XWiki and LDAP TLS binding
Hello,

I didn't modify my catalina.sh because I indicate my keystore file in my ./webapps/xwiki_5.4.1/WEB-INF/xwiki.cfg file

    #-# The keystore file to use in SSL connection
    xwiki.authentication.ldap.ssl.keystore=/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/jssecacerts

Pascal B

From: claude lepere claudelep...@gmail.com
To: users@xwiki.org
Sent:
Subject: Re: [xwiki-users] XWiki and LDAP TLS binding

> Hi all!
>
> Our LDAP server also requires the client's certificate (olcTLSVerifyClient = demand). As we are in Java on the client side, we have to use a Java keystore (jks) containing the cert and the corresponding private key of the client (= XWiki).
>
> The way we found to give this info is in the Tomcat conf file /etc/default/tomcat7, adding
>
>     -Djavax.net.ssl.keyStore=/path-to-jks -Djavax.net.ssl.keyStorePassword=changeit
>
> to JAVA_OPTS. Do you know other ways?
>
> Thank you for your answer.
>
> Claude Lepère

Re: [xwiki-users] XWiki and LDAP TLS binding
Hi all!

Our LDAP server also requires the client's certificate (olcTLSVerifyClient = demand). As we are in Java on the client side, we have to use a Java keystore (jks) containing the cert and the corresponding private key of the client (= XWiki).

The way we found to give this info is in the Tomcat conf file /etc/default/tomcat7, adding

    -Djavax.net.ssl.keyStore=/path-to-jks -Djavax.net.ssl.keyStorePassword=changeit

to JAVA_OPTS. Do you know other ways?

Thank you for your answer.

Claude Lepère

On Sat, Mar 1, 2014 at 12:15 PM, PascalB [via XWiki] ml-node+s475771n7589382...@n2.nabble.com wrote:

> Hello,
>
> I used this method to authenticate on my LDAP TLS:SSL: http://jira.xwiki.org/browse/XWIKI-865
>
> Pascal B

Re: [xwiki-users] XWiki and LDAP TLS binding
Hello,

I used this method to authenticate on my LDAP TLS:SSL: http://jira.xwiki.org/browse/XWIKI-865

Pascal B

From: Claude Lepere claudelep...@gmail.com
To: users@xwiki.org
Sent: Friday, 21 February 2014, 12:53
Subject: [xwiki-users] XWiki and LDAP TLS binding

> Hi!
>
> Does XWiki support LDAP TLS binding (that means an LDAP connection on port 389 and not an SSL ldaps connection on port 686) with both server and client (= XWiki) certificates? If so, how to set up that feature?
>
> Many thanks for your response.
>
> Claude Lepère

[xwiki-users] XWiki and LDAP TLS binding
Hi!

Does XWiki support LDAP TLS binding (that means an LDAP connection on port 389 and not an SSL ldaps connection on port 686) with both server and client (= XWiki) certificates? If so, how to set up that feature?

Many thanks for your response.

Claude Lepère

Re: [xwiki-users] XWiki and LDAP TLS binding
As far as I understand, TLS and SSL are the same thing (at least in LDAP). You can set up which port to connect to using the xwiki.authentication.ldap.port property in xwiki.cfg.

On Fri, Feb 21, 2014 at 12:53 PM, Claude Lepere claudelep...@gmail.com wrote:

> Hi!
>
> Does XWiki support LDAP TLS binding (that means an LDAP connection on port 389 and not an SSL ldaps connection on port 686) with both server and client (= XWiki) certificates? If so, how to set up that feature?
>
> Many thanks for your response.
>
> Claude Lepère

--
Thomas Mortagne
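
The question in this thread is about StartTLS on port 389 with a client certificate taken from a Java keystore. The following standalone check exercises that setup outside XWiki and reports whether a client certificate was sent; it is an added example, not code from any poster or from the XWiki code base, and the class name, host argument and keystore path argument are placeholders chosen here.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic, not XWiki code. Run: java LdapStartTlsCheck <ldap-host> <path-to-jks>
public class LdapStartTlsCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            throw new IllegalArgumentException("run from a terminal: java LdapStartTlsCheck <ldap-host> <path-to-jks>");
        }
        // Prompt for the password so it is not exposed in the process arguments.
        char[] pass = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[1])) {
            ks.load(in, pass);
        }
        // The client certificate and its private key come from the keystore.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        // The server certificate is validated against the JVM's default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        SSLContext tls = SSLContext.getInstance("TLS");
        tls.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + args[0] + ":389"); // plain LDAP port, not ldaps://
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            // StartTLS upgrades the already open connection to TLS.
            StartTlsResponse resp = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            SSLSession session = resp.negotiate(tls.getSocketFactory());
            System.out.println("Protocol: " + session.getProtocol());
            System.out.println("Server:   " + session.getPeerPrincipal());
            // getLocalCertificates() returns null when no client certificate was sent.
            System.out.println("Client certificate sent: " + (session.getLocalCertificates() != null));
            resp.close();
        } finally { ctx.close(); }
    }
}
```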