HCL-TECH-SOFTWARE / connections-automation

Deployment and upgrade automation scripts for HCL Connections 7.0 based on Ansible
Apache License 2.0

LDAP ports hardcoded #276

Open stoeps13 opened 1 year ago

stoeps13 commented 1 year ago

Hi, I tried to install a system with an already installed LDAP server (Domino, Active Directory) on 389 only and then 636 only.

The TDI installation uses a Jinja2 template for profiles_tdi.properties https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/6284e97dc630da1d84ba873d066be366655e8694/roles/third_party/ibm/tdi-install/templates/profiles_tdi.properties.j2#L19 which has no option for LDAPS.

Here it needs 3 steps:

  1. Change port to a variable
  2. Option for SSL true or false to set https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/6284e97dc630da1d84ba873d066be366655e8694/roles/third_party/ibm/tdi-install/templates/profiles_tdi.properties.j2#L53
  3. Import LDAPS root cert into a jks file, which is referenced in solution.properties

LDAP without SSL is not possible in production environments.

WAS ND deployment makes it weird.

The LDAP server is added without SSL and port 389 here: https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/6284e97dc630da1d84ba873d066be366655e8694/roles/third_party/ibm/wasnd/was-dmgr-config-ldap/templates/was_config_ldap.py.j2#L4

But here https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/6284e97dc630da1d84ba873d066be366655e8694/roles/third_party/ibm/wasnd/was-dmgr-import-tls-cert/templates/was_import_tls_cert.py.j2#L2 the LDAPS root certificate is imported.

So, same as in TDI, I would recommend using 636 only (or with variable). The import of the TLS cert should only happen when port 636 or ldap_tls_enable=true is set.

You see, the setup is only possible if both protocols are enabled, but only the unencrypted connection is used.
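As an added illustration (this is not code from the connections-automation repository or from the issue author), the three steps above can be expressed as one Ansible task list: the port and SSL flag come from variables, and the root CA is imported into the JKS only when TLS is actually in use. The variable names other than `ldap_tls_enable` (which the issue itself proposes), the property keys, the keystore path and the CA file path are assumptions for the example and should be checked against the real `profiles_tdi.properties.j2` and `solution.properties`.

```yaml
# Added example, not part of connections-automation.
# Assumed variables: ldap_host, ldap_port, ldap_tls_enable, ldap_root_ca_pem,
# tdi_keystore_path, tdi_keystore_password, allow_plain_ldap.
- name: Configure the TDI LDAP connection with optional LDAPS
  hosts: tdi
  gather_facts: false
  vars:
    ldap_host: ldap.example.com                      # assumed value
    ldap_port: 636                                   # 389 for LDAP, 636 for LDAPS
    ldap_tls_enable: true
    ldap_root_ca_pem: /opt/ldap/root-ca.pem          # assumed path to the LDAPS root CA
    tdi_keystore_path: /opt/IBM/TDI/V7.1.1/tdi.jks   # assumed keystore referenced by solution.properties
    tdi_keystore_password: "{{ vault_tdi_keystore_password }}"

  tasks:
    - name: Refuse a plain-LDAP setup unless it is explicitly allowed
      ansible.builtin.assert:
        that:
          - ldap_tls_enable | bool or (allow_plain_ldap | default(false) | bool)
        fail_msg: "LDAP without TLS is not acceptable here; set ldap_tls_enable=true (or allow_plain_ldap=true for lab use)."

    - name: Render profiles_tdi.properties with the port and SSL flag taken from variables
      ansible.builtin.copy:
        dest: /opt/IBM/TDI/profiles_tdi.properties
        mode: "0640"
        content: |
          # property keys below are illustrative, not the project's exact keys
          source_ldap_url={{ 'ldaps' if ldap_tls_enable | bool else 'ldap' }}://{{ ldap_host }}:{{ ldap_port }}
          source_ldap_ssl={{ 'true' if ldap_tls_enable | bool else 'false' }}

    - name: Check whether the LDAPS root CA is already present in the TDI keystore
      ansible.builtin.command: >
        keytool -list -alias ldaps-root-ca
        -keystore {{ tdi_keystore_path }} -storepass {{ tdi_keystore_password }}
      register: ldaps_ca_check
      failed_when: false          # keytool exits non-zero when the alias does not exist
      changed_when: false
      no_log: true
      when: ldap_tls_enable | bool or ldap_port | int == 636

    - name: Import the LDAPS root CA only when TLS is used and it is not yet in the keystore
      ansible.builtin.command: >
        keytool -importcert -noprompt -trustcacerts
        -alias ldaps-root-ca
        -file {{ ldap_root_ca_pem }}
        -keystore {{ tdi_keystore_path }} -storepass {{ tdi_keystore_password }}
      no_log: true
      when:
        - ldap_tls_enable | bool or ldap_port | int == 636
        - ldaps_ca_check.rc is defined and ldaps_ca_check.rc != 0
```

The same `when:` condition is what the issue asks for on the WAS side: the `was-dmgr-import-tls-cert` step should be gated on `ldap_tls_enable` (or port 636) in exactly this way, and the `was-dmgr-config-ldap` template should use the same `ldap_port`/`ldap_tls_enable` variables instead of a fixed 389, so that a deployment never ends up importing the LDAPS certificate while still talking to the directory over an unencrypted connection.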

nitinjagjivan commented 1 year ago

Thank you for reporting it, internal issue ticket created to investigate.