Closed bmonteiro closed 5 years ago
Hi @bmonteiro ,
as far as I know, all it takes to enable secure communication to the LDAP server (if it supports it itself) is to import the certificate of your LDAP server into the truststore of Cassandra and start that node.
The protocol for the LDAP server will be ldaps, and the port will most probably change too (e.g. 636, but that is for sure deployment specific), so you have to reflect this change in the ldap.properties file.
In this particular example (2), the certificate is in /container/service/slapd/assets/certs/ca.crt, so the import would be like:
keytool -importcert -alias ldap-ca -file ca.crt -keystore cassandra-truststore.jks -storepass mypass
(1) https://github.com/osixia/docker-openldap (2) https://github.com/osixia/docker-openldap#tls
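The two changes described above (switch the ldap.properties URI to ldaps on the new port, and build a truststore containing the LDAP server's CA) as one added script. This is an example written for this thread, not code from the cassandra-ldap project. It assumes the properties key is named ldap_uri (not confirmed here), that the truststore is handed to the node through the standard javax.net.ssl.trustStore JVM properties, and the sample ldap.properties content is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the cassandra-ldap project.
# Assumptions: the properties key is "ldap_uri" (with "=" or ":" separator),
# and the JVM reads the truststore from -Djavax.net.ssl.trustStore.
set -eu

# Rewrite ldap_uri in a properties file from ldap:// (or an old ldaps://) to
# ldaps://HOST:PORT, keeping the base-DN path after the port. Prints the
# rewritten file to stdout; other properties are left untouched.
set_ldaps_uri() {
    file="$1" host="$2" port="${3:-636}"
    sed -E "s#^(ldap_uri[[:space:]]*[=:][[:space:]]*)ldaps?://[^/]*(/.*)?\$#\1ldaps://${host}:${port}\2#" "$file"
}

# Returns 0 only if the file's ldap_uri uses ldaps://, i.e. no plaintext bind.
ldap_uri_is_secure() {
    grep -Eq '^ldap_uri[[:space:]]*[=:][[:space:]]*ldaps://' "$1"
}

# Import the LDAP server's CA into a JKS truststore under an explicit alias
# (a second import with the default alias "mykey" would collide), then list
# the entry so a typo in the path or password is caught before node start.
import_ldap_ca() {
    cert="$1" truststore="$2" storepass="$3" alias="${4:-ldap-ca}"
    keytool -importcert -noprompt -trustcacerts -alias "$alias" \
        -file "$cert" -keystore "$truststore" -storepass "$storepass"
    keytool -list -keystore "$truststore" -storepass "$storepass" -alias "$alias"
}

# Demo on a constructed ldap.properties (sample content, not a real deployment).
demo_props=$(mktemp)
printf 'ldap_uri=ldap://127.0.0.1:389/dc=example,dc=org\nservice_dn=cn=admin,dc=example,dc=org\n' > "$demo_props"
set_ldaps_uri "$demo_props" ldap.example.org 636 > "$demo_props.new"
ldap_uri_is_secure "$demo_props.new" && echo "ldap_uri now uses ldaps:// (no plaintext bind)"
cat "$demo_props.new"

# The CA import needs a JDK and a real ca.crt; only run it when both exist.
if command -v keytool >/dev/null 2>&1 && [ -f ca.crt ]; then
    import_ldap_ca ca.crt cassandra-truststore.jks mypass
fi

# Hand the truststore to the node (assumed location: conf/jvm.options):
#   -Djavax.net.ssl.trustStore=/etc/cassandra/cassandra-truststore.jks
#   -Djavax.net.ssl.trustStorePassword=mypass
rm -f "$demo_props" "$demo_props.new"
```

The sed pattern anchors on the ldap_uri key so an unrelated property that happens to contain an ldap:// URL is not touched, and the keytool step is skipped rather than failed when no JDK or certificate is present, so the properties rewrite can be checked on its own.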
ok, let me try it. thx.
Hi @smiklosovic, can you please update the docs so we could use LDAPS with a self-signed Root CA? We definitely won't use LDAP on 389 because of the plaintext password, and also most companies have their own private PKI. Usually the Root CA is passed via some properties and sometimes also needs to be part of the CA certs used by Java. Please let me know if more details are needed.
Regards, Bruno