Re: LDAPS Configuration with Tomcat

Wed, 08 Jun 2022 05:53:42 -0700 

On 08/06/2022 11:54, rakesh meka wrote:

Hi Mark/Chirs,

The tomact logs says Ldap exception : connection has timed out and
sometimes it says error connecting with LDAp server.


Time outs could be lots of things.

"error" is pretty general.


Can you please help me with how do we configure LDAPs with Tomcat on
windows server.(steps)
If you can provide your current JNDIRealm configuration for LDAPS and a copy of the log when things go wrong, we can try and help.
A copy of the working JNDIRealm configuration (for LDAP rather than LDAPS) would also be useful. 


If certificate is generated then where should we place in Tomcat ?


Why do you think Tomcat needs a certificate?

Mark


We do have our own domain controllers .

Let me know if you need any details .

Thanks &Regards ,
Meka Rakesh.





On Tue, Jun 7, 2022, 9:34 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:


Rakesh,

On 6/6/22 09:54, rakesh meka wrote:

Currently we are using an internal application which is deployed on

windows

server. And we use http which means we didn't configure SSL or TLS setup
with application. The current application is using LDAP for user
authentication which checks with active directory for verification .

Can any one let me know how we can configure LDAPS now ?

Should we need to configure the application with https before we enable
LDAPS ?


It doesn't matter in which order you do these.

But if you need users to authenticate with your application, then
encrypting that communication channel should be a top priority.
Otherwise, anyone nearby on your network can read everyone's
credentials, regardless of whether you are using LDAP or LDAPS. Or any
other kind of credential-checking system.


I tried changing the port to 636 but not successful. So need help if we

can

directly generate the certificate and place in somewhere in Tomcat
directory ?


You need to use an ldaps:// URL, not just change the port number.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to