Changing Login.config to use ldaps


Changing Login.config to use ldaps

Kidd, Don W.
I am trying to change my login.config from using ldap to instead use ldaps, and I seem to be having a problem.  

In my login.config I have set the LDAP URL to ldaps://

   edu.vt.middleware.ldap.jaas.LdapLoginModule required
      ldapURL="ldaps://storm.muohio.edu"
      ssl="true"
      port="636"

but in my log file, I see this...

08:30:12.308 - TRACE [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:156] - {0} Attempting connection to ldap://storm.muohio.edu:636 for strategy DEFAULT

Could someone help me get the connection to use ldaps here instead of ldap?


Thanks,
Don


--------
Don Kidd
Senior Systems Analyst
Information Technology Services
Miami University
312 Hoyt Hall
Oxford OH 45056
Office : 513.529.9655
Fax    : 513.529.1496
EMail: [hidden email]

Re: Changing Login.config to use ldaps

lajoie
Administrator
This is usually because you have a typo in a configuration. If you're
specifying the whole LDAP URL you probably need to specify the port on
the URL.

--
Chad La Joie
www.itumi.biz
trusted identities, delivered
Re: Changing Login.config to use ldaps

Kidd, Don W.
I added the port to the ldapUrl string so it is now

      ldapURL="ldaps://storm.muohio.edu:636"

But now I am getting this...


10:27:07.624 - TRACE [edu.vt.middleware.ldap.auth.AuthenticatorConfig:1168] - setting ldapUrl: ldap://storm.muohio.edu:636

What values should I pass? I am currently using ldapURL, base, ssl, serviceUser, serviceCredential, port, userField... are there others that I should use and am missing somewhere?

   edu.vt.middleware.ldap.jaas.LdapLoginModule required
      ldapURL="ldaps://storm.muohio.edu:636"
      base="ou=people,dc=it,dc=muohio,dc=edu"
      ssl="true"
      serviceUser="cn=shibboleth,OU=Service Accounts,OU=MUUser,DC=it,DC=muohio,DC=edu"
      serviceCredential="xxxxxxxxxx"
      port="636"
      userField="uid";


Re: Changing Login.config to use ldaps

Peter Schober
* Kidd, Don W. <[hidden email]> [2010-10-05 16:32]:
> What values should I pass?  I am currently using.. ldapURL,
> base,ssl, serviceUSer, serviceCredential,port, userField... are
> there others that I should use and am missing somewhere?

https://spaces.internet2.edu/display/SHIB2/IdPAuthUserPass

Setting host, port and ssl to the correct values should do.
-peter
Re: Changing Login.config to use ldaps

Daniel Fisher-2

    edu.vt.middleware.ldap.jaas.LdapLoginModule required
       ldapUrl="ldaps://storm.muohio.edu:636"

and

    edu.vt.middleware.ldap.jaas.LdapLoginModule required
       ldapUrl="ldap://storm.muohio.edu:636"
       ssl="true"

should both work.

In IDP 2.2, the host and port options have been deprecated in favor of
using ldapUrl.

--Daniel


Re: Changing Login.config to use ldaps

Daniel Fisher-2
Also, you can now configure trust directly in the JAAS config by
adding the option:

sslSocketFactory="{trustCertificates=file:path/to/my/certs/trust.crt}";

--Daniel


Re: Changing Login.config to use ldaps

Kidd, Don W.
I've tried...

>      ldapUrl="ldaps://storm.muohio.edu:636"

and

>      ldapUrl="ldap://storm.muohio.edu:636"
>      ssl="true"

But both ways I see this...
13:05:24.334 - TRACE [edu.vt.middleware.ldap.auth.SearchDnResolver:200] -   config = {java.naming.provider.url=ldap://storm.muohio.edu:636, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl}

Is there any way I can get it to be ldaps?

From the unix prompt I've done an ldapsearch using ldap://storm.muohio.edu and ldaps://storm.muohio.edu, and the ldap one returns an error, so I am thinking that this is the same problem I am having here... but I'm not sure how to get shib to use ldaps instead of ldap.

Don



Re: Changing Login.config to use ldaps

Daniel Fisher-2
On 10/5/10 1:24 PM, Kidd, Don W. wrote:
> I've tried...
>       ldapUrl="ldaps://storm.muohio.edu:636"
> and
>
>       ldapUrl="ldap://storm.muohio.edu:636"
>       ssl="true"
> But both ways I see this...
> 13:05:24.334 - TRACE [edu.vt.middleware.ldap.auth.SearchDnResolver:200] -   config = {java.naming.provider.url=ldap://storm.muohio.edu:636, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl}
>

This is the log I would expect from the second option shown above.

> is there anyway I can get it to be ldaps?
>

What makes you think it isn't?  What does your LDAP server log say?


Re: Changing Login.config to use ldaps

Kidd, Don W.
I think it isn't working because I'm also getting this message in the log

13:05:24.338 - TRACE [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:86] -   env = {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://storm.muohio.edu:636, java.naming.security.protocol=ssl}

13:05:24.485 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:164] - Error occured attempting authentication
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]



Re: Changing Login.config to use ldaps

Daniel Fisher-2
Confirm that serviceUser and serviceCredential are correct.


Re: Changing Login.config to use ldaps

Kidd, Don W.
I copied them from principal and principalCredential in the attribute-resolver.xml file, which works over ldaps.


Re: Changing Login.config to use ldaps

Daniel Fisher-2


13:05:24.485 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:164] - Error occured attempting authentication
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]

This error is indicative of invalid credentials.
You may want to contact your AD admin to see what's going on.

--Daniel
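
As an added example (not code from the thread, from vt-ldap or from the Shibboleth IdP), here is a small Python checker that applies the two diagnostic points made above to IdP TRACE/DEBUG lines: a JNDI environment with `ldap://host:636` plus `java.naming.security.protocol=ssl` is a TLS connection despite the scheme, and `error code 1` with the "successful bind must be completed" comment points at the service bind, not at the transport. The function names are my own, and the sample log lines are constructed after the ones quoted in the thread.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines modelled on the ones quoted in this thread; not a
# copy of the real IdP log file.
SAMPLE_LOG = [
    "13:05:24.334 - TRACE [edu.vt.middleware.ldap.auth.SearchDnResolver:200] -   "
    "config = {java.naming.provider.url=ldap://storm.muohio.edu:636, "
    "java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, "
    "java.naming.security.protocol=ssl}",
    "13:05:24.485 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:164] - "
    "Error occured attempting authentication",
    "javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: "
    "DSID-0C090627, comment: In order to perform this operation a successful "
    "bind must be completed on the connection., data 0, vece]",
]

# vt-ldap prints the JNDI environment as "config = {k=v, k=v}" or "env = {...}".
ENV_RE = re.compile(r"\b(?:config|env) = \{(?P<body>[^}]*)\}")
# JNDI wraps the server's result code and diagnostic message like this.
ERR_RE = re.compile(r"\[LDAP: error code (?P<code>\d+) - (?P<detail>[^\]]*)\]")

# RFC 4511 result codes that matter for this diagnosis.
RESULT_NAMES = {1: "operationsError", 49: "invalidCredentials"}


def parse_jndi_env(line):
    """Return the java.naming.* properties from a TRACE line, or None."""
    m = ENV_RE.search(line)
    if not m:
        return None
    env = {}
    for item in m.group("body").split(", "):
        key, sep, value = item.partition("=")
        if sep:
            env[key.strip()] = value.strip()
    return env


def effective_transport(env):
    """Classify how JNDI will really connect for the given properties.

    java.naming.security.protocol=ssl tells com.sun.jndi.ldap.LdapCtxFactory
    to open a TLS socket even though the provider URL still says ldap://,
    which is why the thread's log line is a TLS connection despite its scheme.
    """
    url = env.get("java.naming.provider.url", "")
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    proto = env.get("java.naming.security.protocol", "").lower()
    if scheme == "ldaps":
        return "tls", "ldaps:// scheme: TLS from the first byte"
    if scheme == "ldap" and proto == "ssl":
        return "tls", "ldap:// scheme with java.naming.security.protocol=ssl"
    if scheme == "ldap" and parts.port == 636:
        return "mismatch", "plaintext ldap:// aimed at 636, which expects TLS"
    if scheme == "ldap":
        return "plaintext", "ldap:// with no security protocol set"
    return "unknown", "unrecognised provider URL %r" % url


def classify_ldap_error(line):
    """Map a NamingException line to its result code and the likely cause."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code, detail = int(m.group("code")), m.group("detail")
    if code == 49:
        cause = "bind rejected: check serviceUser DN and serviceCredential"
    elif code == 1 and "successful bind must be completed" in detail:
        # AD answers a search on an unbound connection this way, so the
        # service bind never succeeded; the transport itself is fine.
        cause = "search ran before a successful bind: check serviceUser/serviceCredential"
    else:
        cause = "consult the directory server log"
    return {"code": code, "name": RESULT_NAMES.get(code, "other"), "cause": cause}


def diagnose(lines):
    """Run both checks over a log excerpt and return a summary."""
    transport, reason, errors = "unknown", "no JNDI env line found", []
    for line in lines:
        env = parse_jndi_env(line)
        if env:
            transport, reason = effective_transport(env)
        err = classify_ldap_error(line)
        if err:
            errors.append(err)
    return {"transport": transport, "reason": reason, "errors": errors}


if __name__ == "__main__":
    summary = diagnose(SAMPLE_LOG)
    print("transport:", summary["transport"], "-", summary["reason"])
    for err in summary["errors"]:
        print("error code %d (%s): %s" % (err["code"], err["name"], err["cause"]))
```

Feed it the `config = {...}` or `env = {...}` TRACE line and the `NamingException` line from the IdP log; on the lines quoted in this thread it reports a TLS transport and a bind problem, which is the conclusion reached above.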
