1. OpenLDAP server configuration
Add the following lines in slapd.conf
suffix "dc=jalios,dc=com"
rootdn cn=Manager,dc=jalios,dc=com
rootpw secret
To check every step of this cookbook on your LDAP server, you can:
- either use the following command to do a full search on your server
$> ldapsearch -x -b 'dc=jalios,dc=com' '(objectclass=*)'
- or else use the LDAP Browser/Editor available here: http://www.iit.edu/~gawojar/ldap/
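An added check, not part of the original cookbook: the "rootpw secret" line in the slapd.conf fragment above stores the Manager password in clear text, while slapd also accepts a hashed value generated with slappasswd. The function name rootpw_status and the two sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: classify the rootpw directive of a slapd.conf file.
# Prints one of: hashed:<SCHEME>, cleartext, missing
rootpw_status() {
    # $1 = path to a slapd.conf file
    awk '
        /^[ \t]*#/ { next }          # skip comment lines
        /^[ \t]/   { next }          # skip continuation lines
        tolower($1) == "rootpw" {
            val = $2
            gsub(/^"|"$/, "", val)   # strip optional surrounding quotes
            if (match(val, /^[{][A-Za-z0-9-]+[}]/)) {
                # a {SCHEME} prefix marks a value produced by slappasswd
                scheme = toupper(substr(val, 2, RLENGTH - 2))
                if (scheme == "CLEARTEXT") result = "cleartext"
                else result = ("hashed:" scheme)
            } else {
                result = "cleartext"
            }
        }
        END {
            if (result == "") result = "missing"
            print result
        }
    ' "$1"
}

# Constructed sample inputs; the first mirrors the fragment in section 1.
sample_dir=$(mktemp -d)
cat > "$sample_dir/cleartext.conf" <<'EOF'
suffix "dc=jalios,dc=com"
rootdn cn=Manager,dc=jalios,dc=com
rootpw secret
EOF
cat > "$sample_dir/hashed.conf" <<'EOF'
suffix "dc=jalios,dc=com"
rootdn cn=Manager,dc=jalios,dc=com
# placeholder value; generate a real one with: slappasswd -h '{SSHA}'
rootpw {SSHA}CONSTRUCTED_PLACEHOLDER_HASH
EOF

for f in "$sample_dir"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(rootpw_status "$f")"
done
```

The ldapadd and ldapdelete commands in this cookbook are unaffected by hashing rootpw: -w still takes the clear-text password, and slapd compares it against the stored hash.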
2. Initial feed of the LDAP server
To allow JCMS to connect to your LDAP server, you need to add some special entries. Use the files 'jalios.ldif' and 'jcms.ldif' attached to this cookbook note.
Create the Jalios organization:
$> ldapadd -x -D "cn=Manager,dc=jalios,dc=com" -w secret -f jalios.ldif
Add the jcms management account (added with the Manager account):
$> ldapadd -x -D "cn=Manager,dc=jalios,dc=com" -w secret -f jcms.ldif
To import those LDIF files, you can also use the LDAP Browser/Editor instead of typing the previous commands.
Check that all the entries were added successfully.
3. JCMS configuration
Configure the JCMS LDAP properties as follows:
- Protocol: ldap://
- Hostname: address of the LDAP server
- Port: 339
- JCMS login: cn=jcms,dc=jalios,dc=com
- JCMS password: jcms
- DN Suffix: dc=jalios,dc=com
- Request filter: uid={0}
4. JCMS configuration when using SSL
To use an SSL connection to the LDAP server (only with JCMS 4.1.1 and above):
First, install the server's certificate in your JRE's database of trusted certificates (the JRE used by your application server).
$> cd $JAVA_HOME/lib/security
$> keytool -import -file ServerCertificate.pem -keystore cacerts
Then configure JCMS LDAP properties:
- Protocol: "ldaps://"
- Port: 636
5. Tests
To test the JCMS LDAP connection with a fictitious user, use the attached file 'test.ldif':
$> ldapadd -x -D "cn=Manager,dc=jalios,dc=com" -w secret -f test.ldif
And try to log in to JCMS with:
- login: "durant", password: "michel" -> Create the account in JCMS
- login: "durant", password: "blabla" -> Invalid Authentification
To delete the account:
$> ldapdelete -x -w secret -D "cn=Manager,dc=jalios,dc=com" "cn=jcms,dc=jalios,dc=com"
For your tests, a pre-compiled distribution of OpenLDAP with SSL support is available: http://www.ilex.fr/openldap/
The LDAP Browser/Editor can be downloaded here: http://www.iit.edu/~gawojar/ldap/