Re: LDAPS Configuration with Tomcat
On 08/06/2022 11:54, rakesh meka wrote:
> Hi Mark/Chris,
>
> The Tomcat logs say LDAP exception: connection has timed out, and sometimes it says error connecting with LDAP server.

Time outs could be lots of things. "error" is pretty general.

> Can you please help me with how we configure LDAPS with Tomcat on Windows server (steps)?

If you can provide your current JNDIRealm configuration for LDAPS and a copy of the log when things go wrong, we can try and help. A copy of the working JNDIRealm configuration (for LDAP rather than LDAPS) would also be useful.

> If certificate is generated then where should we place it in Tomcat?

Why do you think Tomcat needs a certificate?

Mark

> We do have our own domain controllers. Let me know if you need any details.
>
> Thanks,
> Meka Rakesh.
>
> On Tue, Jun 7, 2022, 9:34 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>
> > Rakesh,
> >
> > On 6/6/22 09:54, rakesh meka wrote:
> > > Currently we are using an internal application which is deployed on Windows server. And we use http, which means we didn't configure SSL or TLS setup with application. The current application is using LDAP for user authentication, which checks with Active Directory for verification.
> > >
> > > Can anyone let me know how we can configure LDAPS now?
> > >
> > > Should we need to configure the application with https before we enable LDAPS?
> >
> > It doesn't matter in which order you do these.
> >
> > But if you need users to authenticate with your application, then encrypting that communication channel should be a top priority. Otherwise, anyone nearby on your network can read everyone's credentials, regardless of whether you are using LDAP or LDAPS. Or any other kind of credential-checking system.
> >
> > > I tried changing the port to 636 but not successful. So need help if we can directly generate the certificate and place it somewhere in Tomcat directory?
> >
> > You need to use an ldaps:// URL, not just change the port number.
> >
> > -chris
Re: LDAPS Configuration with Tomcat
Hi Mark/Chris,

The Tomcat logs say LDAP exception: connection has timed out, and sometimes it says error connecting with LDAP server.

Can you please help me with how we configure LDAPS with Tomcat on Windows server (steps)?

If certificate is generated then where should we place it in Tomcat?

We do have our own domain controllers. Let me know if you need any details.

Thanks,
Meka Rakesh.

On Tue, Jun 7, 2022, 9:34 PM Christopher Schultz <ch...@christopherschultz.net> wrote:

> Rakesh,
>
> On 6/6/22 09:54, rakesh meka wrote:
> > Currently we are using an internal application which is deployed on Windows server. And we use http, which means we didn't configure SSL or TLS setup with application. The current application is using LDAP for user authentication, which checks with Active Directory for verification.
> >
> > Can anyone let me know how we can configure LDAPS now?
> >
> > Should we need to configure the application with https before we enable LDAPS?
>
> It doesn't matter in which order you do these.
>
> But if you need users to authenticate with your application, then encrypting that communication channel should be a top priority. Otherwise, anyone nearby on your network can read everyone's credentials, regardless of whether you are using LDAP or LDAPS. Or any other kind of credential-checking system.
>
> > I tried changing the port to 636 but not successful. So need help if we can directly generate the certificate and place it somewhere in Tomcat directory?
>
> You need to use an ldaps:// URL, not just change the port number.
>
> -chris
Re: LDAPS Configuration with Tomcat
Rakesh,

On 6/6/22 09:54, rakesh meka wrote:
> Currently we are using an internal application which is deployed on Windows server. And we use http, which means we didn't configure SSL or TLS setup with application. The current application is using LDAP for user authentication, which checks with Active Directory for verification.
>
> Can anyone let me know how we can configure LDAPS now?
>
> Should we need to configure the application with https before we enable LDAPS?

It doesn't matter in which order you do these.

But if you need users to authenticate with your application, then encrypting that communication channel should be a top priority. Otherwise, anyone nearby on your network can read everyone's credentials, regardless of whether you are using LDAP or LDAPS. Or any other kind of credential-checking system.

> I tried changing the port to 636 but not successful. So need help if we can directly generate the certificate and place it somewhere in Tomcat directory?

You need to use an ldaps:// URL, not just change the port number.

-chris
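The scheme change described in the reply above, shown in a JNDIRealm definition as an added example (not configuration posted in this thread). The host name, base DNs, service account and search filters are placeholder assumptions.

```xml
<!-- server.xml fragment, placed inside <Engine> or <Host>.
     Added illustration; every value below is a placeholder. -->

<!-- Before: plain LDAP. Credentials cross the network unencrypted.
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://dc01.example.internal:389"
       ... />
-->

<!-- Not sufficient: only the port was changed. The ldap:// scheme still
     speaks plaintext LDAP, now to a listener that expects a TLS handshake,
     so the bind cannot succeed.
       connectionURL="ldap://dc01.example.internal:636"
-->

<!-- LDAPS: the scheme and the port are both changed. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc01.example.internal:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=internal"
       connectionPassword="CHANGE_ME"
       userBase="OU=Users,DC=example,DC=internal"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="OU=Groups,DC=example,DC=internal"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="true" />
```

No certificate is generated for Tomcat itself in this setup unless the directory server requires mutual TLS; the JVM running Tomcat only has to trust the issuer of the directory server's certificate.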
Re: LDAPS Configuration with Tomcat
On 06/06/2022 14:54, rakesh meka wrote:
> Hi All,
>
> Greetings! Hope you are doing well.
>
> Currently we are using an internal application which is deployed on Windows server. And we use http, which means we didn't configure SSL or TLS setup with application. The current application is using LDAP for user authentication, which checks with Active Directory for verification.
>
> Can anyone let me know how we can configure LDAPS now?
>
> Should we need to configure the application with https before we enable LDAPS?

No. TLS configuration for clients using HTTP to communicate with Tomcat is independent of whether Tomcat uses TLS to communicate with the LDAP server.

> I tried changing the port to 636 but not successful. So need help if we can directly generate the certificate and place it somewhere in Tomcat directory?

You should not need to generate a certificate for Tomcat (unless the LDAP server is using mutual TLS authentication, which seems unlikely).

There are lots of things that can go wrong with TLS. It is hard to suggest what the problem might be without any error message. Do you have an error message from the logs you could share?

Thanks,

Mark