Differences
This page shows the differences between the two versions.
java:ldap [2017/08/19 23:33] |
java:ldap [2023/06/25 09:48] (current version) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | {{tag>ldap}} | ||
+ | ====== LDAP & AD ====== | ||
+ | LDAP & AD都算是老東西了,會開始寫些教學是因為遇到與它的整合。內容隨著我的學習會慢慢增加,如果我有空寫的話~XD。 | ||
+ | ===== LDAP + RestAPI + Digest Auth? ===== | ||
+ | 目前遇到的問題是: LDAP使用者是否可以透過RestAPI進行Digest Auth? \\ | ||
+ | 我認為有困難。\\ | ||
+ | 由於認證行為是交給LDAP Server,RestAPI Web層只負責forwarding;而Digest Auth中的密碼會被根據Http Request種類、密碼等等內容一起MD5 encoding過。如果無法取得明文,除非LDAP Server允許接受一樣的方式。 | ||
+ | ===== SunCertPathBuilderException ===== | ||
+ | <code bash> | ||
+ | Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target | ||
+ | </code> | ||
+ | 參考[[http://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail|此篇]]教學,執行以下command將root ca給匯入到Java keystore中,changeit是預設密碼,如果要用記得要改: | ||
+ | <code bash> | ||
+ | keytool -importcert -trustcacerts -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -noprompt -alias tonytest -file /etc/ldap/ssl/rootca.crt | ||
+ | Certificate was added to keystore | ||
+ | </code> | ||
+ | 列出現有的ca: | ||
+ | <code bash> | ||
+ | keytool -list -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit | ||
+ | </code> | ||
+ | 查看看測試的ca: | ||
+ | <code bash> | ||
+ | ./keytool -list -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit | grep tony | ||
+ | tonytest, Mar 23, 2016, trustedCertEntry, | ||
+ | </code> | ||
+ | 刪除測試的ca: | ||
+ | <code bash> | ||
+ | ./keytool -delete -keystore /opt/jdk1.8.0_60/jre/lib/security/cacerts -storepass changeit -alias tonytest | ||
+ | </code> | ||
+ | 修改密碼: | ||
+ | <code bash> | ||
+ | keytool -keystore "C:\Program Files\Java\jre1.8.0_66\lib\security\cacerts" -storepasswd -new newpasswd -storepass changeit | ||
+ | </code> | ||
+ | |||
+ | ===== Articles ===== | ||
+ | * [[java:ldap:openldap|OpenLDAP]] | ||
+ | * [[java:ldap:jndi|JNDI API]] | ||
+ | * [[java:ldap:spring|Spring API]] | ||
+ | * [[java:dalp:ad:enable_certificate|Enable SSL/TLS on Windows AD]] | ||
+ | ===== Reference ===== | ||
+ | ==== Auth & Security ==== | ||
+ | * [[https://docs.oracle.com/javase/tutorial/jndi/ldap/auth_mechs.html|Authentication Mechanisms of JNDI]] | ||
+ | * [[http://www.tech-faq.com/ldap-security-issues.html|LDAP security issues]] | ||
+ | * [[http://www.openldap.org/doc/admin24/sasl.html|OpenLDAP - SASL]] | ||
+ | * [[https://tersesystems.com/2014/03/23/fixing-hostname-verification/|fixing-hostname-verification]] | ||
+ | ==== OpenLDAP ==== | ||
+ | * [[http://wiki.weithenn.org/cgi-bin/wiki.pl?OpenLDAP-SSL_TLS_%E8%A8%AD%E5%AE%9A|Setup SSL/TLS on OpenLDAP server]] | ||
+ | ==== Spring - LDAP ==== | ||
+ | * [[http://forum.spring.io/forum/spring-projects/data/ldap/19764-tls-and-setupauthenticatedenvironment|StartTLS與Pool的問題]] | ||
+ | ==== Client ==== | ||
+ | * [[https://directory.apache.org/studio/downloads.html|Apache Directory Studio]] | ||
+ | * [[http://www.ldapadmin.org/|LDAP Admin]] | ||
+ | ==== Integration ==== | ||
+ | * [[http://media.community.dell.com/en/dtc/attach/idrac6_directoryservices.pdf|Dell iDRAC6]] | ||
+ | |||
+ | ===== ===== | ||
+ | ---- | ||
+ | \\ | ||
+ | ~~DISQUS~~ |
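Review bot: the keytool -importcert command in the SunCertPathBuilderException section writes the test root CA (alias tonytest) into the JDK-wide cacerts with -noprompt and the default changeit store password, so every Java application running on that JDK will trust it, and the certificate fingerprint is never displayed for confirmation before the import. Suggest documenting a dedicated truststore for the LDAP client, selected with the javax.net.ssl.trustStore system property, dropping -noprompt so the fingerprint can be checked first, and letting keytool prompt for passwords instead of passing -storepass and -new on the command line as the change-password example does, since those values end up in shell history. Smaller points: the command blocks alternate between keytool and ./keytool; the Articles link java:dalp:ad:enable_certificate uses the namespace dalp where its siblings use java:ldap, which looks like a typo; the last sentence of the Digest Auth section has an "if ... unless ..." clause with no conclusion; and the empty heading "===== =====" before ~~DISQUS~~ renders as a blank section title.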