LDAP over SSL (LDAPS)

Article ID: 388178

Products

VMware Smart Assurance

Issue/Introduction

How to configure LDAP authentication over the TLS-secured LDAPS port.

Environment

Watch4net|M&R - 7.x

Resolution

To enable LDAP over SSL (LDAPS), you must import the certificate chain presented by the LDAPS server (at minimum the CA certificate that issued the server certificate) into the product's Java truststore; otherwise the TLS connection to the LDAP server is rejected as untrusted.

Before you begin
Obtain a working copy of OpenSSL for your operating system to retrieve the LDAPS certificate chain, or ask your LDAP administrator for the certificate. In either case, confirm the certificate's issuer and fingerprint with the LDAP administrator before trusting it: the command below prints whatever certificate the far end presents, including one presented by an interposed host.

Procedure

  • From the command line of the host running Administration (FE), run the following command to get the LDAPS certificate chain (the LDAPS port is usually 636; redirecting stdin from /dev/null makes s_client exit after the handshake instead of waiting for input):
    openssl s_client -showcerts -connect <ldaps-server>:<port> </dev/null
  • Using a text editor, extract each individual certificate (the text from -----BEGIN CERTIFICATE----- through -----END CERTIFICATE-----, including both marker lines) and save each one as a separate .pem file. The first certificate in the output is the server certificate; the ones after it are its issuers.
  • The product automatically imports all certificates placed in a custom certificate directory. Save each certificate to this location by copying it directly with the following command:
    cp <path-to-cert> <APG_HOME>/Java/Sun-JRE/<version>/customcerts

    Where:
    - <path-to-cert> is the absolute path to the certificate you want to import (for example: /tmp/foo.emc.com-cert1.pem)
    - <APG_HOME> is the installation directory of M&R
  • Load these PEM files into the Java truststore by running the following command:
    <APG_HOME>/bin/generate-java-truststore.sh
  • Restart any services that will use the new certificate. For LDAP authentication, that is Tomcat; restart it by running the following command:
    <APG_HOME>/bin/manage-modules.sh service restart tomcat
  • To enable LDAP authentication, you must also add the LDAPS server as an authentication realm in Administration:
    a. Log into Administration
    b. Navigate to / Users & Security / Authentication / Authentication Settings
    c. Click Add a realm
    d. In Authentication Type, select LDAP
    e. Enter the LDAP details, using the secured port and the server host name exactly as it appears in the certificate you imported (subject or Subject Alternative Name), so that the TLS host-name check matches.
    f. Click Save
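The procedure above carried through as a script, added here as an example and not part of the KB article or the product: it fetches the chain with openssl s_client, splits it into one PEM file per certificate (the step the article does in a text editor), prints each certificate's subject, issuer, expiry and SHA-256 fingerprint so you can compare them with what the LDAP administrator gives you, and only then stages the files in customcerts and rebuilds the truststore. The default port 636, the default APG_HOME of /opt/APG and the embedded sample chain are assumptions; the sample's base64 bodies are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example (not from the KB article): fetch, split, inspect and
# install an LDAPS certificate chain for Watch4net/M&R.
# Assumed defaults: LDAPS port 636, APG_HOME=/opt/APG.
set -eu

# 1. Capture the chain the server presents. </dev/null closes stdin so
#    s_client exits after the handshake; -servername sends SNI so a
#    multi-name server returns the certificate for this host name.
fetch_chain() {  # fetch_chain HOST PORT OUTFILE
    openssl s_client -showcerts -servername "$1" -connect "$1:$2" \
        </dev/null 2>/dev/null > "$3"
}

# 2. Split everything between the BEGIN/END CERTIFICATE markers into
#    numbered files. cert-1.pem is the server (leaf) certificate; the
#    later files are its issuers. Prints the number of files written.
split_chain() {  # split_chain INFILE OUTDIR
    mkdir -p "$2"
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; keep = 1 }
        keep                          { print > out }
        /-----END CERTIFICATE-----/   { keep = 0; close(out) }
        END                           { print n + 0 }
    ' "$1"
}

# 3. Show who each certificate is for, who issued it, when it expires and
#    its SHA-256 fingerprint. Compare the fingerprint with the value the
#    LDAP admin gives you out of band before trusting the file: s_client
#    prints whatever the far end sends, including an interposed host's cert.
describe_cert() {  # describe_cert PEMFILE
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# 4. Stage the PEM files in every customcerts directory under the JRE,
#    rebuild the Java truststore and restart Tomcat so the LDAP realm
#    picks up the new trust anchors (the article's steps 3 to 5).
install_certs() {  # install_certs PEMDIR APG_HOME
    for d in "$2"/Java/Sun-JRE/*/customcerts; do
        cp "$1"/cert-*.pem "$d"/
    done
    "$2/bin/generate-java-truststore.sh"
    "$2/bin/manage-modules.sh" service restart tomcat
}

# Constructed stand-in for s_client output, used to demonstrate the split
# offline. The base64 bodies are placeholders, not real certificates.
SAMPLE_CHAIN='CONNECTED(00000003)
depth=1 CN = Example Issuing CA
 0 s:CN = ldap.example.com
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3A=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = ldap.example.com'

# Split the constructed sample into OUTDIR; prints the certificate count (2).
demo_split() {  # demo_split OUTDIR
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_CHAIN" > "$tmp"
    split_chain "$tmp" "$1"
    rm -f "$tmp"
}

# Usage: ldaps-trust.sh HOST [PORT] [APG_HOME]
# Fetches and describes the chain; installation is left as a separate,
# deliberate step after the fingerprints have been checked.
if [ "$#" -ge 1 ]; then
    host=$1; port=${2:-636}; apg=${3:-/opt/APG}
    work=$(mktemp -d)
    fetch_chain "$host" "$port" "$work/chain.txt"
    count=$(split_chain "$work/chain.txt" "$work")
    echo "received $count certificate(s) from $host:$port"
    for f in "$work"/cert-*.pem; do echo "== $f"; describe_cert "$f"; done
    echo "After verifying the fingerprints, run: install_certs $work $apg"
fi
```

Run it as ./ldaps-trust.sh ldap.example.com 636 /opt/APG, check the printed issuer and fingerprint against the values from the LDAP administrator, then call install_certs with the work directory it printed. Importing only the issuing CA certificate (cert-2.pem and above) rather than the leaf means the trust survives the server's next certificate renewal, as long as the same CA issues it.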