LDAPBIND using ldaps protocol

kshields
Basic Member
Posts: 11

    We have done ldapbinds using the ldap protocol, but one client would like to implement it with the ldaps protocol. Looking at the command structure, it appears the -W, -P, and -U options come into play, but I'm not sure how to set those up. Does anyone have experience with ldaps?

    Attached is the command structure for GENDIR/bin/ldapbind.




    Carl.Seay
    Veteran Member
    Posts: 109
      I don't recall the ldapbind command being any different, but you do have to import the AD SSL certs into the Java trust stores, including the Root CA.
      kshields
      Basic Member
      Posts: 11
        So that would be the LSF WebSphere CellDefaultTrustStore, I presume. And just import the cert chain into Signer Certificates, correct? And do you specify any particular -U value?
        Kwane McNeal
        Veteran Member
        Posts: 479
          I don't think WebSphere has anything to do with binding (unless something has changed recently), as WebSphere doesn't directly make the call to the external authentication provider. It would be whatever cert store LSF (specifically lase) is using.
          kshields
          Basic Member
          Posts: 11
            Thanks Kwane - that matches what another installer told me as well. He said he retrieves the cert into WebSphere's key store and then exports it from there and imports it into JAVA_HOME\jdk\jre\lib\security\cacerts using keytool.exe. That must be what lase uses.
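
The keytool import described in the last post, written out as an added example that is not part of the original thread or of any poster's procedure. The certificate file names, the aliases and the keytool.exe location are assumptions; the cacerts path is the one quoted above, and `changeit` is the JDK default store password.

```powershell
# Added example. File names, aliases and the keytool location are placeholders.

# Trust store path as quoted in the thread; point it at the JVM that actually performs the bind.
$cacerts   = Join-Path $env:JAVA_HOME 'jdk\jre\lib\security\cacerts'
$keytool   = Join-Path $env:JAVA_HOME 'jdk\bin\keytool.exe'   # assumed location
$storePass = 'changeit'   # JDK default; substitute the real password if it was changed

# Hypothetical exported AD certificates: the Root CA first, then any issuing/intermediate CA.
$certs = [ordered]@{
    'ad-root-ca'    = 'C:\certs\ad-root-ca.cer'
    'ad-issuing-ca' = 'C:\certs\ad-issuing-ca.cer'
}

# Keep a timestamped copy so the store can be restored if an import goes wrong.
Copy-Item $cacerts "${cacerts}.bak-$(Get-Date -Format yyyyMMddHHmmss)" -ErrorAction Stop

foreach ($alias in $certs.Keys) {
    $file = $certs[$alias]
    if (-not (Test-Path $file)) { throw "Certificate file not found: $file" }

    # keytool exits non-zero when the alias is absent, so an existing entry is left alone.
    & $keytool -list -keystore $cacerts -storepass $storePass -alias $alias | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Alias '$alias' is already in the trust store, skipping."
        continue
    }

    # Without -noprompt, keytool prints the certificate (owner, issuer, fingerprints)
    # and asks for confirmation. Compare the fingerprint with the value obtained
    # from the CA administrators before answering yes.
    & $keytool -importcert -trustcacerts -alias $alias -file $file `
               -keystore $cacerts -storepass $storePass
    if ($LASTEXITCODE -ne 0) { throw "Import of '$alias' failed." }
}

# List the imported entries with their fingerprints as a final check.
foreach ($alias in $certs.Keys) {
    & $keytool -list -keystore $cacerts -storepass $storePass -alias $alias
}
```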