Hi Kevin, I reverted LDAP to simple authentication from startTLS. Knox is still not working. I can't figure out the issue. What should I do now?
On Mon, Jul 27, 2015 at 10:43 PM, Kevin Minder <[email protected]> wrote:

> Yes. As is typical with SSL setup this can be complex, but it is covered in the User's Guide.
> http://knox.apache.org/books/knox-0-6-0/user-guide.html#Authentication
>
> From: Aneela Saleem
> Reply-To: "[email protected]"
> Date: Monday, July 27, 2015 at 1:36 PM
> To: "[email protected]"
> Subject: Re: Apache Knox Web API
>
> Ok, what if I forget the startTLS thing and start with LDAPS? Is it supported in the Shiro LDAP Realm?
>
> On Mon, Jul 27, 2015 at 8:46 PM, Kevin Minder <[email protected]> wrote:
>
>> Ok, did a bit more digging and it looks like the Shiro LDAP Realm we are using does not implement StartTLS. It seems as though other Shiro Realm implementations do, as evidenced here:
>> http://jmchung.github.io/blog/2014/10/03/integrating-shiro-with-cas-authentication-via-ldap/
>>
>> But I see no evidence that the JndiLdapRealm upon which the KnoxLdapRealm is based has the code described here for StartTLS support:
>> https://docs.oracle.com/javase/jndi/tutorial/ldap/ext/starttls.html
>>
>> This would be a valuable area for you to contribute to either Knox or Shiro if this capability is important for your use case. Also note that LDAPS should provide equivalent security.
>>
>> From: Aneela Saleem
>> Reply-To: "[email protected]"
>> Date: Monday, July 27, 2015 at 11:07 AM
>> To: "[email protected]"
>> Subject: Re: Apache Knox Web API
>>
>> I just tried to enable startTLS for LDAP. I just followed this link:
>> https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls
>>
>> On Mon, Jul 27, 2015 at 8:02 PM, Kevin Minder <[email protected]> wrote:
>>
>>> Well, what have you changed since it last worked?
>>>
>>> From: Aneela Saleem
>>> Reply-To: "[email protected]"
>>> Date: Monday, July 27, 2015 at 11:01 AM
>>> To: "[email protected]"
>>> Subject: Re: Apache Knox Web API
>>>
>>> But what could be the issue, as it was working fine before?
>>>
>>> On Mon, Jul 27, 2015 at 7:35 PM, Kevin Minder <[email protected]> wrote:
>>>
>>>> In the development branch (called master) we have added several features to help diagnose LDAP issues. However, to take advantage of these you will need to build Knox from source, as these features are not yet included in an official release.
>>>>
>>>> From: Aneela Saleem
>>>> Reply-To: "[email protected]"
>>>> Date: Monday, July 27, 2015 at 10:26 AM
>>>> To: "[email protected]"
>>>> Subject: Re: Apache Knox Web API
>>>>
>>>> But I did not get your point.
>>>>
>>>> On Mon, Jul 27, 2015 at 7:22 PM, Kevin Minder <[email protected]> wrote:
>>>>
>>>>> I believe the default LDAP port is 389. Is your OpenLDAP server listening on 389?
>>>>>
>>>>> Otherwise, would it be possible for you to build and use the master branch version of Knox? We have recently added several LDAP diagnostics that might help us here.
>>>>>
>>>>> From: Aneela Saleem
>>>>> Reply-To: "[email protected]"
>>>>> Date: Monday, July 27, 2015 at 10:14 AM
>>>>> To: "[email protected]"
>>>>> Subject: Re: Apache Knox Web API
>>>>>
>>>>> Hi Kevin,
>>>>>
>>>>> I'm using OpenLDAP.
>>>>>
>>>>> On Mon, Jul 27, 2015 at 6:59 PM, Kevin Minder <[email protected]> wrote:
>>>>>
>>>>>> I'm suspecting this:
>>>>>>
>>>>>> <param>
>>>>>>   <name>main.ldapRealm.contextFactory.url</name>
>>>>>>   <value>ldap://localhost</value>
>>>>>> </param>
>>>>>>
>>>>>> What LDAP server are you using?
>>>>>>
>>>>>> From: Aneela Saleem
>>>>>> Reply-To: "[email protected]"
>>>>>> Date: Sunday, July 26, 2015 at 2:53 PM
>>>>>> To: "[email protected]"
>>>>>> Subject: Re: Apache Knox Web API
>>>>>>
>>>>>> <param>
>>>>>>   <name>main.ldapRealm.contextFactory.url</name>
>>>>>>   <value>ldap://localhost</value>
>>>>>> </param>
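The two concrete points raised in the quoted thread are the bare `ldap://localhost` value of `main.ldapRealm.contextFactory.url` (no port, so the LDAP default 389 is implied and the server has to be listening there) and Kevin's note that LDAPS is the supported way to get transport encryption since the Shiro JndiLdapRealm lacks StartTLS. The script below is an added example, not code from the Knox project or from either participant. It pulls that param out of a Knox topology, fills in the scheme's default port the way JNDI will, flags a plaintext `ldap://` URL to a non-loopback host, and optionally probes whether anything is listening on the resulting host:port. The topology fragment is constructed for the example; the `KnoxLdapRealm` class name and the `authenticationMechanism` param are assumptions about a typical Knox 0.6 ShiroProvider section, not taken from the thread.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed topology fragment modelled on the <param> quoted in the thread.
# It is not a file from the Knox project; the realm class name and the other
# params are assumptions about a typical Knox 0.6 ShiroProvider section.
SAMPLE_TOPOLOGY = """<topology>
  <gateway>
    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <enabled>true</enabled>
      <param>
        <name>main.ldapRealm</name>
        <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
      </param>
      <param>
        <name>main.ldapRealm.contextFactory.url</name>
        <value>ldap://localhost</value>
      </param>
      <param>
        <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
        <value>simple</value>
      </param>
    </provider>
  </gateway>
</topology>
"""

URL_PARAM = "main.ldapRealm.contextFactory.url"
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def ldap_url_from_topology(xml_text):
    """Return the value of main.ldapRealm.contextFactory.url, or None if absent."""
    root = ET.fromstring(xml_text)
    for param in root.iter("param"):
        if (param.findtext("name") or "").strip() == URL_PARAM:
            return (param.findtext("value") or "").strip()
    return None


def normalize_ldap_url(url):
    """Split an ldap:// or ldaps:// URL into (scheme, host, port).

    When the URL carries no port, the scheme's default is filled in, which is
    what JNDI does when Knox hands it a bare "ldap://localhost".
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme in {url!r}: expected ldap:// or ldaps://")
    if not parts.hostname:
        raise ValueError(f"no host in {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return scheme, parts.hostname, port


def check_ldap_url(url):
    """Return a list of findings about the URL; an empty list means nothing to flag."""
    findings = []
    scheme, host, port = normalize_ldap_url(url)
    if urlsplit(url).port is None:
        findings.append(f"no port given: the {scheme} default {port} will be used, "
                        f"so the server must be listening on {port}")
    if scheme == "ldap" and host not in LOOPBACK:
        findings.append("plaintext ldap:// to a non-loopback host: the bind "
                        "password crosses the network unencrypted; use ldaps://")
    return findings


def port_is_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    url = ldap_url_from_topology(SAMPLE_TOPOLOGY)
    scheme, host, port = normalize_ldap_url(url)
    print(f"{URL_PARAM} = {url} -> {scheme} on {host}:{port}")
    for finding in check_ldap_url(url):
        print(" -", finding)
    print(f"TCP {host}:{port} reachable: {port_is_open(host, port)}")
```

Run it on the Knox host, since `localhost` in the topology is resolved there and not on the machine you are typing from; a closed 389 with `ldap://localhost` is exactly the situation Kevin asks about. A clean result from `check_ldap_url` on an `ldaps://` URL only says the URL is well formed; the server certificate still has to be trusted by the JVM Knox runs in, which is the SSL setup the User's Guide section linked above covers and this script does not check.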
