How do I make OpenAM 13.5 communicate with a secured LDAP server?

This topic has 1 reply, 2 voices, and was last updated 5 years, 5 months ago by Peter Major.

  • #17711
     Rick521
    Participant

    Hi All,

    I want to make OpenAM communicate with an LDAPS server on port 636, which is IBM Tivoli Directory Server.

    I see the KB Article here
    https://backstage.forgerock.com/knowledge/kb/article/a24711600

    I believe this article expects OpenDJ to be the LDAPS server, which is not the case for me; I also use SSL at the F5 level.

    Issue
    The issue I’m facing occurs when I use the configurations below for the external user store.
    # External OpenDJ based user data store
    USERSTORE_TYPE=LDAPV3ForTivoli
    USERSTORE_SSL=SSL
    #USERSTORE_DOMAINNAME=ad.example.com
    USERSTORE_HOST=opendj.example.com
    USERSTORE_PORT=636
    USERSTORE_SUFFIX=dc=example,dc=com
    USERSTORE_MGRDN=cn=Directory Manager
    USERSTORE_PASSWD=secret12

    ERRORS
    AMSetupServlet.ProcessRequest: errororg.forgerock.opendj.ldap.ConnectionException: Server Connection Closed: Heartbeat Failed

    Caused by: javax.net.ssl.SSLException: Received fatal alert: handshake_failure

    My configurations are
    OpenAM Version 13.5
    DATA_STORE=embedded
    CONFIG_STORE(SFO)=External OpenDJ
    USER_STORE=External IBM TDS

    Questions
    1) To enable TLS, do I need to add any certs from Tivoli Directory Server into my OpenAM keystore?

    2) Do I also need to make any changes in my embedded OpenDJ to allow this handshake to happen?

    Any help is appreciated.

    Thanks,
    Rick

    • This topic was modified 5 years, 5 months ago by Peter Major.
    #17713
     Peter Major
    Moderator

    First you should figure out if your container uses the default truststore. If not, then add the certificate to the truststore used by your container. If yes, then you should add your directory server’s certificate to the JVM’s truststore.
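
    The steps in this answer, as an added example that is not part of the thread and not ForgeRock's or IBM's tooling: a POSIX shell script that first reads the container's JVM options to see whether a custom truststore is passed via -Djavax.net.ssl.trustStore (otherwise the JRE's cacerts is in use), then fetches the certificate the LDAPS server presents with openssl and imports it with keytool. The host name tds.example.com, the alias tds-ldaps, the /tmp paths and the use of CATALINA_OPTS are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pick the truststore the container
# really uses, fetch the LDAPS server certificate, and import it.
# Host, port, alias and file paths below are placeholders.

# Step 1 of the answer: does the container hand the JVM its own truststore?
# Print the -Djavax.net.ssl.trustStore value found in the given JVM options,
# or "default" when none is set (the JRE's cacerts is then in effect).
truststore_from_opts() {
    opts="$1"
    for word in $opts; do
        case "$word" in
            -Djavax.net.ssl.trustStore=*)
                printf '%s\n' "${word#-Djavax.net.ssl.trustStore=}"
                return 0
                ;;
        esac
    done
    printf 'default\n'
}

# Location of the JRE's default truststore under JAVA_HOME
# (lib/security/cacerts since Java 9, jre/lib/security/cacerts on Java 8).
default_truststore() {
    if [ -f "$JAVA_HOME/lib/security/cacerts" ]; then
        printf '%s\n' "$JAVA_HOME/lib/security/cacerts"
    else
        printf '%s\n' "$JAVA_HOME/jre/lib/security/cacerts"
    fi
}

# Fetch the leaf certificate the LDAPS server presents, as PEM.
# Needs network access to the directory server.
fetch_ldaps_cert() {
    host="$1"; port="$2"; out="$3"
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$out"
}

# Import the PEM into the chosen truststore; the JRE's cacerts password
# defaults to "changeit", a custom truststore has its own.
import_cert() {
    truststore="$1"; alias="$2"; pem="$3"; storepass="${4:-changeit}"
    keytool -importcert -noprompt -trustcacerts \
        -keystore "$truststore" -storepass "$storepass" \
        -alias "$alias" -file "$pem"
}

# Usage with placeholder values (Tomcat reads JVM options from CATALINA_OPTS):
#   ts=$(truststore_from_opts "$CATALINA_OPTS")
#   [ "$ts" = default ] && ts=$(default_truststore)
#   fetch_ldaps_cert tds.example.com 636 /tmp/tds.pem
#   import_cert "$ts" tds-ldaps /tmp/tds.pem
```

Where the server returns a full chain, importing the issuing CA's certificate instead of the leaf avoids re-importing on every server certificate renewal. Running the openssl s_client command without redirecting its output is also the quickest way to see whether the server's chain is the problem at all, since it prints the chain together with the negotiated protocol and cipher.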

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.