
IBM Connections: Connecting TDI to a Secure LDAP Server via SSL


If you want Tivoli Directory Integrator (TDI) to connect to a secure LDAP server (LDAPS) via SSL, you need to import the SSL root certificate of the LDAP server into your TDI configuration. This article describes the basic steps.
For the TDI configuration included in IBM Connections the steps are as described below:
  • First, get the root certificate of your LDAP server. This can most easily be done with OpenSSL:
openssl s_client -connect <hostname of ldap server>:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <filename for certificate>.cer
If you do not have “sed” available, you can manually extract all lines from “-----BEGIN CERTIFICATE-----” to “-----END CERTIFICATE-----” with a text editor and save this section.
  • Now you need to import this certificate into the TDI JKS keystore.
You can either do that via the IBM IKEYMAN utility or, faster, via the command line (start the command from the “…\TDISOL\serverapi” directory):
<TDI program directory>/jvm/jre/bin/keytool -import -trustcacerts -alias <alias name for certificate> -file <filename of the certificate>.cer -keystore testadmin.jks -storepass administrator
E.g.:
/opt/IBM/TDI/V7.1/jvm/jre/bin/keytool -import -trustcacerts -alias LDAP-Certificate -file ldaproot.cer -keystore testadmin.jks -storepass administrator
You need to confirm with “yes” that you trust this certificate.
  • If you still get SSL errors in the IBMDI.LOG (like “Keystore was tampered with, or password was incorrect”) open the file “<TDI program directory>/etc/global.properties” with a text editor.
Find the sections “## server authentication” and “## client authentication” and replace the line “#{protect}-javax.net.ssl.trustStorePassword={encr}……..” with the line “{protect}-javax.net.ssl.trustStorePassword=administrator” in both sections.
Now your TDI should be able to successfully connect to your secure LDAP server.
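
The extraction step above writes an empty or partial file when the connection fails, and keytool will trust whatever the file contains. The following sketch is an added example, not part of the original post: it only saves a complete PEM certificate and prints its subject, issuer and SHA-256 fingerprint so they can be compared with values from the LDAP administrator before the import. The function names and the sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# extract_cert [N]: print the Nth complete PEM certificate found on stdin
# (default: first). Returns 1 when that certificate is missing or truncated,
# e.g. when s_client could not connect and printed only an error.
extract_cert() {
  awk -v want="${1:-1}" '
    /-----BEGIN CERTIFICATE-----/ { n++; buf = ""; inside = 1 }
    inside { sub(/\r$/, ""); buf = buf $0 "\n" }
    /-----END CERTIFICATE-----/ {
      if (inside && n == want) { printf "%s", buf; found = 1 }
      inside = 0
    }
    END { exit (found ? 0 : 1) }
  '
}

# fetch_ldaps_cert HOST FILE: save the certificate the LDAP server presents and
# print its subject, issuer and SHA-256 fingerprint for comparison with values
# obtained from the LDAP administrator before running keytool -import.
fetch_ldaps_cert() {
  if ! openssl s_client -connect "$1:636" </dev/null 2>/dev/null |
       extract_cert 1 > "$2"; then
    rm -f "$2"
    echo "no complete certificate received from $1:636" >&2
    return 1
  fi
  openssl x509 -in "$2" -noout -subject -issuer -fingerprint -sha256
}

# Constructed sample of s_client output; the bodies are placeholders, not real
# certificate data.
sample_transcript() {
  cat <<'EOF'
CONNECTED(00000003)
-----BEGIN CERTIFICATE-----
PLACEHOLDERBODY1
-----END CERTIFICATE-----
---
-----BEGIN CERTIFICATE-----
PLACEHOLDERBODY2
-----END CERTIFICATE-----
EOF
}

sample_transcript | extract_cert 1 >/dev/null && echo "sample: certificate 1 extracted"
```

After sourcing the script, `fetch_ldaps_cert <hostname of ldap server> ldaproot.cer` produces the file used by the keytool command above.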
