[Building Sakai] Sakai LDAP configuration

Jaco Gillman jaco at opencollab.co.za
Tue Jul 3 05:51:43 PDT 2012


Hi all

I have been struggling to set up LDAP configuration for Sakai for a while now.

Here is what I have done so far:

We are busy with a Sakai installation that is being hosted outside
from where the LDAP server is located.
I could telnet to the LDAP server successfully.
I also used Apache Directory Studio LDAP client to connect from another
location (locally) to the LDAP and again it was successful.
Using the following connection properties all was successfully connecting to
the remote LDAP:
1. Network Parameter:
   HostName: ...
   Port: 636
   Encryption Method: Use SSL encryption (ldaps://)
   Authentication: Authentication method: No Authentication
   Bind DN: "empty"
   Bind Password: "empty"
   Prompted for Certificate Trust. Selected, Trust this certificate for the
   session
   Result of this connection property --> Successful!
2. Network Parameter:
   HostName: ...
   Port: 636
   Encryption Method: Use SSL encryption (ldaps://)
   Authentication: Authentication method: Simple Authentication
   Bind DN: "Actual user in ldap"
   Bind Password: "Actual user in ldap's password"
   Prompted for Certificate Trust. Selected, Trust this certificate for the
   session
   Result of this connection property --> Successful!
So from 2 different locations I could manage to connect successfully to the
remote LDAP server.

First of all I tried to set the "secureConnection" in jldap-beans.xml to
false,
used the same user's values for ldapUser and ldapPassword mentioned above
(# 2) and could not connect successfully.

I then changed "secureConnection" in jldap-beans.xml to true, asked for the
security certificate from the server where this LDAP server is located,
imported the certificate successfully to my local cacerts keystore, and
added the keystoreLocation and keystorePassword properties in
jldap-beans.xml.
Again no successful connection. I have debugged through the Sakai LDAP
source and get the exception
java.security.cert.CertPathValidatorException: timestamp check failed which
seems to indicate that the certificate has expired.
This however is a newly generated certificate.

Any help would be much appreciated!

Regards,

Jaco Gillman
Java Developer
opencollab
Tel: +27 21 970 4017  |  Fax: +27 21 914 3098
Email: jaco at opencollab.co.za  |  Skype: gillmanjc
Web: www.opencollab.co.za