TeamSite: LDAP and SSL

Environment:
- Windows Server 2003
- TeamSite 6.7.2 with both patches applied

Here's what I've done so far:
1. Converted the CA certificate I had using Netscape 4.79 to create the cert7.db file.
2. Placed the cert7.db file in the iw-home/tools/db/Netscape folder
3. Found in 6.7.2 supplimental that I needed to create a file called truststore and place it in the same folder as the cert7.db
4. Tried connecting to LDAP with anonymous binding - no love
5. Tried connecting to LDAP with account - no love

Took a look at error logs and this is all that is printed out:

javax.naming.CommunicationException: XXXXXXXXX:686 [Root exception is java.net.ConnectException: Connection refused: connect]
at com.sun.jndi.ldap.Connection.(Connection.java:194)

Looks like TS uses standard LDAP libraries from Sun, so I created a small Java program to see if I could connect:


public static void main(String[] args) throws NamingException {
  // Set up the environment for creating the initial context
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY, 
      "com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.PROVIDER_URL, "ldap://XXXX");

  // Specify SSL
  env.put(Context.SECURITY_PROTOCOL, "ssl");
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL, "XXXXX");
  env.put(Context.SECURITY_CREDENTIALS, "XXXX");

  // Create the initial context
  @SuppressWarnings("unused")
  DirContext ctx = new InitialDirContext(env);



 }

Added the same CA file to the truststore and tried... The ctx is created fine and connection thourgh SSL is created...

Here's my user_databases.xml:

<iwldap id="ldap_1" display_name="LDAP" os="f">
  <server value="XXXXXX">
  </server>
  <ssl_port value="686" />
  <CAFile value="C:/iw-home/tools/db/Netscape/cert7.db" />
  <search_key value="cn">
  </search_key>
  <dnBase value="XXXXX">
  </dnBase>
  <account
   value="XXXXXX" />
  <password
   value="52616e646f6d4956c82bafa0f00705855388ad08311726b3d8e394699ebaa3ce" />
  <attr_email value="mail">
  </attr_email>
  <attr_display_name value="cn">
  </attr_display_name>
 </iwldap>



Just to be clear the same info baseDB, user DB, and password are used in both the Java program and the TS config file.
Any ideas? Am I missing the obvious? Or is it support ticket time?

Thanks in advance

Find more posts tagged with

Comments

hymatron

As an update the CAFile should just be a path and should not include the cert7.db file.