Does Bonita support out of the box LDAP over SSL?

Hello,

I'd like to know if Bonita supports out of the box LDAP over SSL (LDAPS) for

  • user authentication (via JAAS)
  • synchronization (via LDAP Synchronizer)

What additional configuration should I do? How and where?

I'm interested in version 7.3 and future versions as well.

Thanks

2 answers

Hi Enrico,

Regarding the LDAP synchronisation, starting with Bonita 7.11, configuring the LDAP Synchronizer to use LDAPS (that is, LDAP over SSL) is pretty straightforward, as explained in the documentation.

So you just need to download the latest Bonita 7.11+ bundle, and use the LDAP Synchronizer that you will find in the TOMCAT_HOME/tools/ directory, which is compatible with the previous Bonita server 7.x versions.
(Please note that, whichever your Bonita server version is, you should always use the latest LDAP Synchronizer.)

Also, please remember that in both cases (user authentication and LDAP synchronisation over SSL), Bonita will need to trust your LDAP server's certificate, so you will have to add at least one of these into the default or the custom truststore being used by the Java application (the Tomcat or the LDAP Synchronizer):

  • the LDAP server's certificate
  • the LDAP server's certificate chain
  • the certificate of the CA who issued the LDAP server's certificate

I hope this helps,

Unai

Hi Enrico,
For user authentication, Bonita can use com.sun.security.auth.module.LdapLoginModule as JAAS login module, which apparently supports it (look for useSSL property here).
No additional configuration is mentioned. Just make sure that you have configured the LDAP server to use SSL.
HTH
