LDAPS Support for OM Web Viewer 12.1

Article ID: 217858

Updated On:

Products

Output Management Web Viewer

Issue/Introduction

Changing the LDAP port from non-secure port=389 to LDAPS secure port=636. Any concern?

Environment

  • Output Management Web Viewer 12.1
  • LDAPS

Cause

LDAPS support was introduced in the product with LU02547, published build 214. Apply the latest cumulative maintenance.

NOTE: Choose any platform - the fixes are the same for all platforms.

Resolution

Create Keystore Files for LDAP TLS

Administrators can use LDAP on TLS (LDAPS) to encrypt the communication between an LDAP server and OM Web Viewer.
Overview:

  1. Create or Update a Keystore to Connect to your LDAPS Server
  2. Configure the OM Web Viewer Server
  3. Configure the OM Web Viewer Directory to Point to the LDAPS Server
  4. Verify that One or More Roles use the Directory

NOTE: For LDAPS, only System Level External Configuration and Application Level External Configuration are supported.

Create or Update a Keystore to Connect to your LDAPS Server

In this procedure, you export the LDAP-specific certificate from your LDAP server and import it into a Java keystore. After the certificate is added to the keystore, it is used to secure the connection between OM Web Viewer and the LDAP server.

  1. Export the certificate from your LDAP server. See your LDAP server documentation for instructions, which vary according to your platform and server. Export a certificate containing the server’s public key in Base-64 encoded X.509 (CER) file format.
  2. Verify that <jre or jdk>/bin is in your path. If necessary, add it to your path.
  3. Import the certificate into a Java keystore. You can use any keystore tool such as Keystore Explorer or keytool. These instructions use the standard Java tool keytool. Use the following command for either a new or existing keystore:
    keytool -importcert -alias <certificate name> -file <file path> -keystore <new or existing keystore>
    An example follows:
    keytool -importcert -alias publicLDAPcert -file yourCerti.cer -keystore wvLDAP_KeystoreSample.jks
    1. When prompted, specify a new or existing password, depending on whether the keystore is new or existing.
    2. When prompted to trust the certificate, answer Yes.


Configure the OM Web Viewer Server

  1. Locate your External Configuration location, typically <Web Viewer install>/config or <OMWV12_HOME>/config.
  2. Copy your keystore into your configuration folder.
  3. The following will be done using the new configtool:
  4. Update WVProfile.properties with the following lines:
    AUTHENTICATION.LDAPKeystoreFile=<path of your keystore, including filename>
    AUTHENTICATION.LDAPKeystorePassword=<keystore password or keyword>
    AUTHENTICATION.LDAPProtocol=[None|TLS]
    AUTHENTICATION.LDAPPort=<port number used to communicate with the LDAP server>
    AUTHENTICATION.LDAPKeystoreEntry=<entry in the keystore to be used>
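
One way to check the five AUTHENTICATION.LDAP* lines after editing WVProfile.properties, as an added example that is not part of the vendor article. It assumes a POSIX shell on the Web Viewer host; the function names, the sample values and the world-readable check are this example's own.

```sh
#!/bin/sh
# Added example, not vendor code: lint the LDAPS keys in WVProfile.properties.

# prop FILE KEY: print the value of the last "KEY=value" line (empty if absent).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# check_ldaps_profile FILE: print one line per finding, return the finding count.
check_ldaps_profile() {
    f=$1; n=0
    note() { echo "FINDING: $1"; n=$((n + 1)); }
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    proto=$(prop "$f" AUTHENTICATION.LDAPProtocol)
    port=$(prop "$f" AUTHENTICATION.LDAPPort)
    ks=$(prop "$f" AUTHENTICATION.LDAPKeystoreFile)
    entry=$(prop "$f" AUTHENTICATION.LDAPKeystoreEntry)

    # The article offers None|TLS; LDAPS needs TLS.
    [ "$proto" = "TLS" ] || note "LDAPProtocol is '$proto', expected TLS"
    case $port in
        ''|*[!0-9]*) note "LDAPPort is missing or not a number" ;;
        389) note "LDAPPort is still the non-secure port 389" ;;
    esac
    [ -f "$ks" ] || note "LDAPKeystoreFile '$ks' does not exist"
    [ -n "$entry" ] || note "LDAPKeystoreEntry is empty"
    # Check added by this example (assumption): the profile can hold the
    # keystore password, so it should not be readable by every local user.
    [ -z "$(find "$f" -perm -004)" ] || note "$f is world-readable"
    return "$n"
}

# Constructed sample: a profile left half-migrated from port 389.
demo=$(mktemp -d)
cat > "$demo/WVProfile.properties" <<EOF
AUTHENTICATION.LDAPKeystoreFile=$demo/wvLDAP_KeystoreSample.jks
AUTHENTICATION.LDAPKeystorePassword=placeholder-password
AUTHENTICATION.LDAPProtocol=None
AUTHENTICATION.LDAPPort=389
AUTHENTICATION.LDAPKeystoreEntry=publicLDAPcert
EOF
chmod 644 "$demo/WVProfile.properties"
check_ldaps_profile "$demo/WVProfile.properties" || echo "findings: $?"
```

The function returns 0 when every check passes, so it can gate a deployment script.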