On Fri, Nov 23, 2012 at 12:01 AM, Nick Duan <[email protected]> wrote:
> Could someone share some info/hints on how to set up ApacheDS 2.0 with 1 way
> and 2 way SSL (LDAPS)? I was able to run LDAPS in 1 way SSL with
> the server using ApacheStudio by enabling the default LDAPS settings on
> ApacheDS and using the server self-generated certs, but unable to configure
> the server using external certificates. It seems there is a lack of doc on
> this topic. I am particularly interested in finding answers to the
> following problems:
>
> 1. I found the two LDAPS related attributes, ads-certificatePassword
> and ads-keystoreFile, under the node ou=config, ou=service,
> ou=ads-serviceid=ldapServer, but couldn't find any attribute that specifies
> the keystore password. Would a keystore password be required in this case?
>

Yes, it appears that ads-certificatePassword is used as the keystore password
(looks like a bad config name).

> 2. How to specify truststore file path and password, and cert id,
> etc.? If to configure LDAPS using 2 way SSL (i.e. using client cert for
> authentication)
>

Currently 2 way SSL is not supported (the server accepts all client
certificates). Can you raise a feature request in JIRA? But prior to that it
would help us if you can provide more details about the use case.

> 3. Where is the default self-signed certificate file/keystore
> generated by ApacheDS?
>

In the entry uid=admin,ou=system.

> Any help and suggestions are highly appreciated.
>
> ND
>

-- 
Kiran Ayyagari
http://keydap.com
