2.9.2.2. Active Directory sample configuration

The following is an alternative configuration for Active Directory, for which sample configurations are available:

Note

There is a Microsoft limitation: the password cannot be set in AD over an unsecured connection, so you have to use the LDAPS protocol.

Using LDAPS protocol with Active Directory

  1. Set up AD to use SSL as follows:

    • i. Add the Active Directory Certificate Services role.

    • ii. Install the right certificate for the DC machine.

  2. Enable the Java VM to use the certificate from AD as follows (note that this step is not AD-specific; it applies to any LDAP server for which you want to enable the SSL protocol):

    • i. Import the root CA used in AD into the keystore, as shown below:

      keytool -importcert -file 2008.cer -storepass changeit -keystore /home/user/java/jdk1.6/jre/lib/security/cacerts

    • ii. Set the JAVA options.

      JAVA_OPTS="${JAVA_OPTS} -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStore=/home/user/java/jdk1.6/jre/lib/security/cacerts"
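
A check for steps 2.i and 2.ii, as an added example that is not part of the eXo Platform documentation: it imports the CA into a dedicated truststore rather than the JDK-wide cacerts, confirms by SHA-256 fingerprint that the certificate is really present, and only then emits the JVM options. The function names, the alias ad-root-ca, the temporary paths and the self-signed certificate are constructed for illustration; keytool from JDK 7 or later is assumed.

```shell
#!/bin/sh
# Added example, not eXo Platform code. File names, alias and password are
# assumptions or constructed values.

# SHA-256 fingerprint of a certificate file (the root CA exported from AD).
cert_fingerprint() {
    keytool -printcert -file "$1" 2>/dev/null | awk '/SHA256:/ {print $2; exit}'
}

# Succeed only if truststore $2 (password $3) contains the certificate in $1.
truststore_has_cert() {
    want=$(cert_fingerprint "$1")
    [ -n "$want" ] || return 2          # unreadable or non-certificate input
    keytool -list -v -keystore "$2" -storepass "$3" 2>/dev/null |
        awk '/SHA256:/ {print $2}' | grep -qxF "$want"
}

# Import into a dedicated truststore and confirm the entry is really there.
import_ca() {   # import_ca <ca.cer> <truststore> <storepass> <alias>
    keytool -importcert -noprompt -alias "$4" -file "$1" \
        -keystore "$2" -storepass "$3" >/dev/null 2>&1 || return 1
    truststore_has_cert "$1" "$2" "$3"
}

# Emit the JVM options from step 2.ii, refusing an unreadable truststore.
java_tls_opts() {   # java_tls_opts <truststore> <storepass>
    [ -r "$1" ] || { echo "truststore not readable: $1" >&2; return 1; }
    printf '%s' "-Djavax.net.ssl.trustStore=$1 -Djavax.net.ssl.trustStorePassword=$2"
}

# Constructed demo: a throwaway self-signed certificate stands in for 2008.cer.
demo() {
    d=$(mktemp -d) || return 1
    keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 1 \
        -dname "CN=Constructed Test Root CA" -storetype PKCS12 \
        -keystore "$d/ca.p12" -storepass changeit -keypass changeit >/dev/null 2>&1 &&
    keytool -exportcert -alias ca -keystore "$d/ca.p12" -storepass changeit \
        -file "$d/ca.cer" >/dev/null 2>&1 &&
    import_ca "$d/ca.cer" "$d/trust.jks" changeit ad-root-ca &&
    java_tls_opts "$d/trust.jks" changeit >/dev/null
    rc=$?
    rm -rf "$d"
    return $rc
}
```

With a real deployment, call `import_ca 2008.cer <truststore> <storepass> ad-root-ca` and append the output of `java_tls_opts` to `JAVA_OPTS`.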
Copyright ©. All rights reserved. eXo Platform SAS