LDAP & AD

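LDAP and AD are both fairly old technologies; I started writing these tutorials because I ran into integrating with them. The content will grow as I learn, if I have time to write it~XD.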

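The problem I have run into so far: can LDAP users authenticate with Digest Auth through a REST API?
I think it is difficult.
Authentication is delegated to the LDAP Server, and the REST API web layer only forwards it. In Digest Auth, however, the password is run through MD5 together with the HTTP request type and other content. Since the plaintext cannot be obtained, this does not work unless the LDAP Server accepts the same scheme.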
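The following is an added example, not code from the original post, showing why the web layer has nothing to forward: a Digest response can only be checked by a party that already holds the password or its HA1 value. The field values are the sample from RFC 2617 section 3.5, and the function names are hypothetical.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1_from_password(username, realm, password):
    """HA1 can only be built from the cleartext password (or stored precomputed)."""
    return md5_hex(f"{username}:{realm}:{password}")

def expected_response(ha1, method, f):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = md5_hex(f"{method}:{f['uri']}")  # binds the HTTP method and URI
    return md5_hex(":".join([ha1, f["nonce"], f["nc"], f["cnonce"], f["qop"], ha2]))

def verify(f, method, ha1):
    """Server-side check: recompute the response and compare in constant time."""
    return hmac.compare_digest(expected_response(ha1, method, f), f["response"])

def cleartext_for_ldap_bind(f):
    """An LDAP simple bind needs the cleartext password; Digest never sends one."""
    return f.get("password")

# Constructed sample: Authorization header fields from the RFC 2617 section 3.5 example
CLIENT_FIELDS = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    # Only a verifier that already knows the password (or HA1) can do this step.
    ha1 = ha1_from_password("Mufasa", "testrealm@host.com", "Circle Of Life")
    print("verified with known password:", verify(CLIENT_FIELDS, "GET", ha1))
    print("same response checked as POST:", verify(CLIENT_FIELDS, "POST", ha1))
    print("password available to forward:", cleartext_for_ldap_bind(CLIENT_FIELDS))
```

A directory that stores only salted password hashes cannot produce HA1, so the check in `verify` has to happen wherever the cleartext password or a per-realm HA1 is kept.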

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
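Following this tutorial, run the command below to import the root CA into the Java keystore. changeit is the default password; if you are going to use the keystore, remember to change it: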
keytool -importcert -trustcacerts -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -noprompt -alias tonytest -file /etc/ldap/ssl/rootca.crt 
Certificate was added to keystore
List the existing CAs:
keytool -list -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit
Check for the test CA:
./keytool -list -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit  | grep tony
tonytest, Mar 23, 2016, trustedCertEntry, 
Delete the test CA:
./keytool -delete -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -alias tonytest
Change the password:
keytool -keystore "C:\Program Files\Java\jre1.8.0_66\lib\security\cacerts" -storepasswd -new newpasswd -storepass changeit

Auth & Security

OpenLDAP

Spring - LDAP

Client

Integration