  1. Seam 2
  2. JBSEAM-4452

Enable LdapIdentityStore to access LDAP via SSL


    Details

    • Type: Feature Request
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2.0.GA
    • Fix Version/s: None
    • Component/s: None

      Description

      The current LdapIdentityStore offers good support for integrating an LDAP repository. Unfortunately, at the moment, there is no configuration option to access it via SSL.
      Minimal support could be provided by adding a new boolean attribute (e.g. ssl-enabled) to the ldap-identity-store element, to make it possible to choose whether or not to use secure communication.

      I've tried to implement this extension by changing security-2.2.xsd and the LdapIdentityStore class.
      In the second file, my work has been on the new attribute's getter/setter and on the initialiseContext(String principal, String credentials) method, just adding the following lines:

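      // Default to plain LDAP; switch scheme and JNDI security protocol when SSL is enabled
      String ldapProtocol = "ldap";
      if (isSslEnabled()) {
          ldapProtocol = "ldaps";
          env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
      }

      // Build the provider URL from the chosen scheme and the configured server address and port
      String providerUrl = String.format("%s://%s:%d", ldapProtocol, getServerAddress(), getServerPort());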

      In addition, getting the server certificate and setting -Djavax.net.ssl.trustStore=/path/to/keystore in JAVA_OPTS is needed.
      At the moment I'm able to initiate the communication with the secure LDAP server, but Identity.authenticate causes a "javax.security.auth.login.LoginException: Login Failure: all modules ignored".
      The complete stacktrace is attached to the issue.
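
      A standalone JNDI bind check built on the same environment settings, added here as an example and not part of the issue or of Seam: it reports whether a failure happens at the TLS/transport layer or at the LDAP bind. The class name, the LDAP_BIND_PW environment variable and the sample host are assumptions; run it with the same -Djavax.net.ssl.trustStore option as the application.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

// Added illustration; class and method names are hypothetical, not Seam code.
public class LdapsBindCheck {

    // Builds the JNDI environment with the same scheme/protocol switch as the snippet above.
    static Hashtable<String, String> buildEnv(boolean sslEnabled, String host, int port,
                                              String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds, fail fast
        String protocol = "ldap";
        if (sslEnabled) {
            protocol = "ldaps";
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        env.put(Context.PROVIDER_URL, String.format("%s://%s:%d", protocol, host, port));
        return env;
    }

    // Classifies the bind outcome so a trust-store problem is not mistaken for bad credentials.
    static String tryBind(Hashtable<String, String> env) {
        try {
            new InitialDirContext(env).close();
            return "OK: connection and bind succeeded";
        } catch (AuthenticationException e) {
            return "BIND REJECTED (transport is fine, check principal/credentials): " + e.getMessage();
        } catch (CommunicationException e) {
            Throwable root = e.getRootCause() != null ? e.getRootCause() : e;
            return "TRANSPORT FAILURE (" + root.getClass().getSimpleName() + "): " + root.getMessage();
        } catch (NamingException e) {
            return "OTHER LDAP ERROR: " + e;
        }
    }

    public static void main(String[] args) {
        String pw = System.getenv("LDAP_BIND_PW"); // assumed variable; keeps the password off the command line
        if (args.length < 3 || pw == null) {
            // Constructed sample values: show the resulting URL without connecting.
            System.out.println(buildEnv(true, "ldap.example.test", 636, "cn=demo", "x").get(Context.PROVIDER_URL));
            return;
        }
        System.out.println(tryBind(buildEnv(true, args[0], Integer.parseInt(args[1]), args[2], pw)));
    }
}
```

      Arguments are host, port and bind DN. A TRANSPORT FAILURE whose root cause is an SSLHandshakeException points at the trust store or certificate rather than at the credentials.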


            People

            Assignee:
            shane.bryzak Shane Bryzak
            Reporter:
            mbrizi Marco Brizi (Inactive)