Configure JCMS and OpenLDAP (ldap/ldaps)

1. OpenLDAP server configuration

Add the following lines in slapd.conf 
   suffix "dc=jalios,dc=com"
  rootdn cn=Manager,dc=jalios,dc=com
  rootpw secret

To check every steps of this coobook on your LDAP server, you can:

  • either use the following command to do a full search on your server
       $> ldapsearch -x -b 'dc=jalios,dc=com' '(objectclass=*)'
  • or else use the LDAP Browser/Editor available here : http://www.iit.edu/~gawojar/ldap/

2. Initial feed of the ldap server

To allow JCMS to connect to your LDAP server you need to add the some special entries. Use the files 'jalios.ldif' and 'jcms.ldif' attached to this cookbook note.

Create the Jalios organization:
 $> ldapadd -x -D "cn=Manager,dc=jalios,dc=com" -w secret -f jalios.ldif

Add the jcms management account (added with the Manager account)
   $> ldapadd -x -D "cn=Manager,dc=jalios,dc=com" -w secret -f jcms.ldif

To import those ldif file, you can also use the LDAP Browser/Editor instead of typing the previos commands.

Check all the entries were added successfully..

3. JCMS configuration

Configure JCMS LDAP properties as is :

  • Protocol: ldap://
  • Hostname: addresse du serveur LDAP
  • Port: 339
  • JCMS login: cn=jcms,dc=jalios,dc=com
  • JCMS password: jcms
  • DN Suffix: dc=jalios,dc=com
  • Request filter: uid={0}

LDAP Server

LDAP Settings

4. JCMS configuration when using SSL

To use an SSL connection to the LDAP server (only with JCMS 4.1.1 and above):
First, install the server's certificate in your JRE's database of trusted certificates. (the JRE used by your application server).
   $> cd $JAVA_HOME/lib/security
  $> keytool -import -file ServerCertificate.pem -keystore cacerts

Then configure JCMS LDAP properties:

  • Protocole: "ldaps://"
  • Port: 636

5. Tests

To test jcms ldap connection with a fictitious user user the attached file 'test.ldif'
    $> ldapadd -x -D "cn=Manager,dc=jalios,dc=com" -w secret -f test.ldif

And try to login to JCMS with

  • login: "durant", password: "michel" -> Create the account in JCMS
  • login: "durant", password: "blabla" -> Invalid Authentification

To delete the account:
   $> ldapdelete -x -w secret -D "cn=Manager,dc=jalios,dc=com" "cn=jcms,dc=jalios,dc=com"

For your tests, a pre-compiled distribution of openladp with SSL support is available: http://www.ilex.fr/openldap/
Le LDAP Browser/Editor is downloadable here: http://www.iit.edu/~gawojar/ldap/

 

References

In brief...

This note describe the steps needed to configure OpenLDAP with JCMS 4.x Support for ldaps is only available with JCMS 4.1.1 and above.

Subject
Products
Published

8/19/04

Writer
  • Olivier Jaquemet

Table of Contents

  1. 1. OpenLDAP server configuration
  2. 2. Initial feed of the ldap server
  3. 3. JCMS configuration
  4. 4. JCMS configuration when using SSL
  5. 5. Tests
0 votes
No comments