gocd/gocd-ldap-authentication-plugin

Add support for LDAP with SSL

maheshp opened this issue · 3 comments

In the in-built implementation the end-users have to import the certificates directly into Java's cacerts. This is usually problematic as users may move to a different system and their LDAP authentication stops working suddenly. The issue also comes up if they switch to a different version of Java. They need to re-import all the certs. Since this is moving to a plugin, could we provide an option in auth-config for the plugin to specify the certs in order to avoid the same issue that we have with the in-built one.

Hi @maheshp, could you please describe the procedure for adding a certificate into GoCD in order for this plugin to work?

The process of setting up a certificate to work with LDAPS looks like this:

keytool -import -storepass changeit -noprompt -alias xxx -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64/jre/lib/security/cacerts -trustcacerts -file xxx
Certificate was added to keystore

And then, in order to trust the certificate, you do what is described here:
https://www.happyassassin.net/2015/01/14/trusting-additional-cas-in-fedora-rhel-centos-dont-append-to-etcpkitlscertsca-bundle-crt-or-etcpkitlscert-pem/
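An added example, not from this thread or the plugin, showing the trust problem the comment above works around. It builds a constructed private CA and an LDAPS leaf for the assumed hostname ldap.example.test, then validates chain and hostname against a dedicated CA file rather than the JDK's cacerts (the store that silently loses the import on a new machine or JDK upgrade); it assumes openssl is installed, and keytool only for the optional truststore step.

```shell
# Constructed lab PKI: a private CA plus an LDAPS server certificate whose
# SAN is the hostname the auth-config would point at. Needs only openssl.
make_lab_pki() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[srv_ext]
subjectAltName = DNS:ldap.example.test
extendedKeyUsage = serverAuth
EOF
  # Private CA: the kind that is not in any JDK's default cacerts
  openssl req -x509 -config "$dir/lab.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" -subj /CN=LabCA -days 2 2>/dev/null || return 1
  # Leaf certificate for the LDAPS endpoint, signed by that CA
  openssl req -config "$dir/lab.cnf" -newkey rsa:2048 -nodes \
    -keyout "$dir/srv.key" -out "$dir/srv.csr" -subj /CN=ldap.example.test 2>/dev/null || return 1
  openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/lab.cnf" -extensions srv_ext -days 2 -out "$dir/srv.pem" 2>/dev/null || return 1
  echo "$dir"
}

# verify_ldaps_chain LEAF CAFILE HOSTNAME
# Checks the server cert against a dedicated CA file plus the expected hostname.
# An empty CAFILE stands for "no trust store contains this CA", which is the
# state of a fresh machine or an upgraded JDK whose cacerts was never re-imported.
verify_ldaps_chain() {
  leaf=$1; cafile=$2; host=$3
  if [ -n "$cafile" ]; then
    openssl verify -CAfile "$cafile" -no-CApath -verify_hostname "$host" "$leaf" >/dev/null 2>&1
  else
    openssl verify -no-CAfile -no-CApath -verify_hostname "$host" "$leaf" >/dev/null 2>&1
  fi
}

# make_truststore CAFILE STOREPATH
# Keeps the CA out of the JDK's cacerts by building a dedicated PKCS12 truststore
# that a JVM can be pointed at with -Djavax.net.ssl.trustStore (note: that property
# replaces the default store, so public CAs the server also needs must be added too).
make_truststore() {
  command -v keytool >/dev/null 2>&1 || return 0   # no JDK here: nothing to build
  keytool -importcert -noprompt -storetype PKCS12 -keystore "$2" -storepass changeit \
    -alias ldaps-ca -file "$1" >/dev/null 2>&1
}
```

Run `lab=$(make_lab_pki)` and then `verify_ldaps_chain "$lab/srv.pem" "$lab/ca.pem" ldap.example.test` to see the check pass; the same call with an empty CA file or a different hostname fails, which is exactly the failure users hit when the cacerts import is gone.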

For the upcoming folks:
If you try to bind to Azure AD, make sure to use this URL: ldaps://[DNS or IP]:636 :)
Since the certificate is not self-signed it works out of the box.