Le 11/22/12 7:31 PM, Nick Duan a écrit : > Could someone share some info/hits on how to setup ApacheDS 2.0 with 1 way > and 2 way SSL (LDAPS)? I was able to enable to run LDAPS in 1 way SSL with > the server using ApacheStudio by enabling the default LDAPS settings on > ApacheDS and using the server self-generated certs, but unable to configure > the server using external certificates. It seems there is lack of doc on > this topic. true. > I am particularly interested in finding answers to the > following problems: > > > > 1. I found the two LDAPS related attributes, ads-certificatePassword > and ads=keystoreFile, under the node ou=config, ou=service, > ou=ads-serviceid=ldapServer, but couldn't find any attribute that specifies > the keystore password. Would a keystore password required in this case? no. Storng the external keystore password in the server would be a security breach, IMO. > > 2. How to specify truststore file path and password, and cert id, > etc.? If to configure LDAPS using 2 way SSL (i.e. using client cert for > authentication) not sure I understand... > > 3. Where is the default self-signed certificate file/keystore > generated by ApacheDS? it's stored in the uid=admin, ou=system entry.
Note that we have to improve this area. Any feedback is welcome ! -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
