OHDSI / WebAPI

OHDSI WebAPI contains all OHDSI services that can be called from OHDSI applications
Apache License 2.0

Implementing LDAP using TLS #2247

Open bskrade opened 1 year ago

bskrade commented 1 year ago

We have installed Atlas on our server at the Medical College of Wisconsin using Broadsea. We would like to implement single sign on. However, MCW-IS requires the use of TLS certificates in our LDAP service. Is it possible to add an option for LDAP using TLS?

Some example java code for implementing TLS can be found here: https://docs.oracle.com/javase/jndi/tutorial/ldap/ext/starttls.html

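The pattern from the Oracle JNDI tutorial linked above, written out as a complete added example (this is not WebAPI or Broadsea code): open a plain LDAP connection, upgrade it with the StartTLS extended operation, and only then bind and search. The server URL, bind DN, base DN and the `LDAP_BIND_PASSWORD` environment variable are assumed placeholders.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

/** Added example: bind to an LDAP server over StartTLS and look up one user. */
public class StartTlsLdapLookup {

    // Assumed values; replace with the real directory and service account.
    static final String LDAP_URL = "ldap://ldap.example.org:389";
    static final String BIND_DN = "cn=atlas-svc,ou=services,dc=example,dc=org";
    static final String BIND_PASSWORD = System.getenv("LDAP_BIND_PASSWORD");
    static final String USER_BASE = "ou=people,dc=example,dc=org";

    public static void main(String[] args) throws NamingException, IOException {
        String uid = args.length > 0 ? args[0] : "jdoe";   // assumed sample uid

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        // Deliberately no credentials here: the bind must wait until the TLS
        // layer is up, otherwise the password crosses the wire in clear text.

        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls =
            (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        try {
            // negotiate() with no SSLSocketFactory uses the JVM default trust
            // store (cacerts) and checks the certificate against the host name.
            // A CA the JVM does not trust fails here with an SSLHandshakeException,
            // which is the symptom that "install the CA cert into the JVM" fixes.
            tls.negotiate();

            // Now the channel is encrypted: supply credentials and force the bind
            // so an authentication error surfaces here rather than on the search.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, BIND_DN);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, BIND_PASSWORD);
            ctx.reconnect(null);

            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn", "mail"});
            // The uid is passed as a filter argument, not concatenated into the
            // filter string, so a crafted login name cannot alter the filter.
            NamingEnumeration<SearchResult> results =
                ctx.search(USER_BASE, "(uid={0})", new Object[] {uid}, sc);
            while (results.hasMore()) {
                SearchResult r = results.next();
                System.out.println(r.getNameInNamespace() + " " + r.getAttributes());
            }
        } finally {
            // Closing the TLS layer drops back to clear text, so close the
            // context right after it rather than reusing the connection.
            tls.close();
            ctx.close();
        }
    }
}
```

If the directory is reachable on port 636 instead, no StartTLS step is needed: use an `ldaps://` URL and the same trust-store requirement applies, which is the LDAPS setup described further down in this thread.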

alondhe commented 1 year ago

I believe you need to install the CA certificate into the JVM.

bskrade commented 1 year ago

Do you use SSH, not TLS, to connect to LDAP? My co-worker ran into a similar issue with I2B2 and had to add the attached code to communicate with LDAP using TLS. find_user.txt

alondhe commented 1 year ago

We're using LDAPS, in which we needed to install a CA cert into the java keystore.

gkowalski commented 1 year ago

Hello from Brian's co-worker. Do we need to install a CA cert within the JDK if we are talking to an LDAP server that has a certificate signed by an authority trusted by Java? I assume we would only need to import the certificate if we are self-signing our LDAP server certificate.

https://docs.plm.automation.siemens.com/content/polarion/20/help/en_US/polarion_windows_installation/manually_updating_third_party_software/import_a_certificate_to_the_java_keystore.html

gkowalski commented 1 year ago

We changed over to a non-TLS version and are still getting failures. We need the log4j properties set in order to get better logging and see what params are being constructed. We can connect to LDAP with other tools.

gkowalski commented 1 year ago

Ajit, do you have instructions on how you installed your CA cert into the Java keystore?

alondhe commented 1 year ago

We copied our cacerts file into the Broadsea folder, then simply ran the docker compose command for webapi. Broadsea will mount a file named "cacerts" into the key store.

gkowalski commented 1 year ago

Thanks, but how did you generate the cacerts file? Did you need the key and cert to start this process as described here: https://www.baeldung.com/convert-pem-to-jks
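One way to produce the `cacerts` file that the previous comment describes dropping into the Broadsea folder, as an added example that is not Broadsea's or WebAPI's own tooling. A trust store entry needs only the CA's public certificate, never its private key, so the PEM-to-JKS conversion in the linked article (which bundles a key and cert into a key entry) is not the step needed here. The program copies the running JVM's own `cacerts`, so public CAs stay trusted, adds every certificate from a PEM bundle as a trusted entry, writes the result, and re-reads it to confirm. The input path, output path, alias prefix and the stock `changeit` password are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

/** Added example: build a cacerts file that also trusts an internal LDAP CA. */
public class BuildCacerts {

    // Assumed: the JVM's stock trust store and its default password.
    static final Path JVM_CACERTS =
        Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
    static final char[] STORE_PASSWORD = "changeit".toCharArray();
    static final String ALIAS_PREFIX = "ldap-ca-";   // assumed naming scheme

    public static void main(String[] args) throws IOException, GeneralSecurityException {
        if (args.length != 2) {
            System.err.println("usage: BuildCacerts <ca-chain.pem> <output-cacerts>");
            System.exit(2);
        }
        Path pem = Paths.get(args[0]);
        Path out = Paths.get(args[1]);

        // Start from the existing trust store rather than an empty one, so the
        // JVM keeps trusting the public CAs it already knows.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(JVM_CACERTS)) {
            ks.load(in, STORE_PASSWORD);
        }

        // generateCertificates() reads every certificate in a PEM bundle, so a
        // root plus intermediate file is imported in one pass.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs;
        try (InputStream in = Files.newInputStream(pem)) {
            certs = cf.generateCertificates(in);
        }

        for (Certificate c : certs) {
            X509Certificate x = (X509Certificate) c;
            x.checkValidity();   // fail fast on an expired or not-yet-valid cert
            boolean isCa = x.getBasicConstraints() >= 0;
            String alias = ALIAS_PREFIX + x.getSerialNumber().toString(16);
            // setCertificateEntry stores a trusted certificate only; no key involved.
            ks.setCertificateEntry(alias, x);
            System.out.println("added " + alias + " (" + (isCa ? "CA" : "end-entity")
                + ") " + x.getSubjectX500Principal());
        }

        try (OutputStream o = Files.newOutputStream(out)) {
            ks.store(o, STORE_PASSWORD);
        }

        // Verify the file the container will mount: reload it and check that
        // each imported certificate comes back as a trusted entry.
        KeyStore check = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(out)) {
            check.load(in, STORE_PASSWORD);
        }
        for (Certificate c : certs) {
            String alias = ALIAS_PREFIX + ((X509Certificate) c).getSerialNumber().toString(16);
            if (!check.isCertificateEntry(alias)) {
                throw new IllegalStateException("missing trusted entry " + alias);
            }
        }
        System.out.println("wrote " + out + " with " + check.size() + " entries");
    }
}
```

Run it as `java BuildCacerts mcw-ldap-ca.pem cacerts`, with the PEM obtained from the CA team or, for an LDAPS endpoint, captured with `openssl s_client -connect ldap.example.org:636 -showcerts`; then place the resulting `cacerts` in the Broadsea folder as described above. The same program works for a self-signed server certificate, which is the case the earlier question raised: it is imported as a trusted entry the same way, and a certificate already chained to a CA in the JVM's default trust store needs no import at all.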