1

To start, I configured HTTPS on Tomcat and I configured an authentication page. My authentication page works over HTTPS with a user in tomcat-users.xml.

<form action="j_security_check" method="POST">
       Username:<input type="text" name="j_username"><br>
       Password:<input type="password" name="j_password">
       <input type="submit" value="Login">
</form>

In server.xml I configured a realm:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://XXXXXXX:636" debug="99"
       connectionName="MY_USER"
       connectionPassword="MY PASSWORD"
       userBase="MY_BASE"
       userSearch="XXXXXXXXXXXX"
       userSubtree="true"
       roleBase="XXXXXXXXXXX"
       roleSubtree="true"
       roleName="XXXXX"
       roleSearch="XXXXXX"
/>



I imported my certificate with the keytool command.

keytool -import -file om_certificat.pem -keystore cacerts

Should I do something else?

When I start Tomcat, I get this warning: SSLHandshakeException

I did this, but it doesn't work! I think my realm is correct, and when I ran the "keytool" command, I received the message "the certificate is added".

So where is my problem? Did I forget a step?

Whitney R.

2 Answers

2

If you really established the "trust" relationship with your LDAP certificate (e.g. import it to your local keystore), one problem that I commonly see is that it's imported into a keystore that's actually not used at all.

Double check (if that fails, triple check) which cacerts file you import to and which one is used by Tomcat.

Edit: By quick check, here they say, you'll have to use Java's default keystore for LDAP trust (the common documentation that you'll find everywhere is for SSL/HTTPS setup). The easiest way to assure this (with all of the different Java versions that you might have installed on your computer) is to locate all of the cacerts files on your computer and import your LDAP's cert one-by-one, then restart (at least it's the easiest for me to point out without physically assisting you).

You might also want to check "Imported certificate to Java keystore, JVM ignores the new cert" for some more ideas.

Olaf Kock
0

I resolved my problem.

I added my certificate to my 64-bit JVM, but my %JAVA_HOME% is configured for my 32-bit version.

Whitney R.