I am new to LDAP with SSL. I am working on 2-way SSL authentication on Apache Directory Server/Studio, but I do not understand how to store a client certificate in the truststore of ApacheDS. I have followed the http://directory.apache.org/apacheds/advanced-ug/4.1.4-certificate-authn.html link (the page is empty). Can anyone tell me how I can authenticate the client at the server?
2 Answers
I asked the same question, and the answer I found is that Apache Directory Studio does not have support for client certificates. Here is a suggested workaround:
https://blog.laimbock.com/2013/02/26/apache-directory-studio-and-client-certificate-authentication/
But only if you have SSH access to your LDAP server host.

Whilst the explanation addresses the question, it's problematic to present the workaround simply as a link. [It would be preferable](//meta.stackoverflow.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Toby Speight May 09 '17 at 13:00
If you were on the server, you could connect to the ldapi socket without a client certificate.
You can do the same from your remote workstation by tunneling the ldapi socket to a local TCP port via ssh.
Run this in a terminal:
ssh -L localhost:9696:/var/run/ldapi someuser@ldapserver
Then point Directory Studio to the host/port localhost:9696.
This is similar to what the
https://blog.laimbock.com/2013/02/26/apache-directory-studio-and-client-certificate-authentication/
blog describes, but I only use ssh (the blog uses socat, which in turn uses ssh).
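The ssh forward in the answer above, wrapped with the two checks a practitioner would want before relying on it. This is an added example, not code from the answer or from the blog it links: it assumes the server exposes an ldapi Unix socket at /var/run/ldapi and that you log in as someuser@ldapserver, exactly as in the answer; the local port 9696, the function names and the version strings in the usage comment are hypothetical. The checks are that the local OpenSSH is new enough to forward a Unix socket at all (support for `-L port:/path` arrived in OpenSSH 6.7) and that the listening side is pinned to 127.0.0.1, because the forwarded socket carries no authentication of its own: whatever can reach that TCP port gets the same access to the socket that the ssh login user has.

```sh
#!/bin/sh
# Added example, not part of the original answer. Assumed (hypothetical)
# values: remote socket /var/run/ldapi, login someuser@ldapserver, port 9696.

# Forwarding a Unix-domain socket (-L port:/path/to/socket) needs OpenSSH 6.7
# or later. Given the text printed by `ssh -V` (for example
# "OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022"), return 0 when
# the version is new enough and 1 otherwise (including unparseable input).
ssh_version_ok() {
    ver=$(printf '%s\n' "$1" \
        | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 7 ]; }
}

# Build the -L argument. The bind address is fixed to 127.0.0.1 so that only
# processes on this workstation can reach the forwarded ldapi socket; a
# wildcard bind would hand every host on the LAN the ssh user's socket access.
# Usage: forward_spec PORT [REMOTE_SOCKET]; prints the spec on stdout.
forward_spec() {
    port=$1
    remote_socket=${2:-/var/run/ldapi}
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    [ "$port" -ge 1024 ] && [ "$port" -le 65535 ] \
        || { echo "port out of range (1024-65535)" >&2; return 1; }
    printf '127.0.0.1:%s:%s\n' "$port" "$remote_socket"
}

# Open the tunnel. -N: no remote shell, just the forward.
# ExitOnForwardFailure=yes: exit non-zero if the socket cannot be forwarded
# (wrong path, no permission) instead of leaving a session open with no port.
# Usage: ldapi_tunnel PORT USER@HOST [REMOTE_SOCKET]
ldapi_tunnel() {
    spec=$(forward_spec "$1" "$3") || return 1
    ssh -N -o ExitOnForwardFailure=yes -L "$spec" "$2"
}

# Typical session (needs the real host, so it is left as a comment here):
#   ssh_version_ok "$(ssh -V 2>&1)" || { echo "need OpenSSH >= 6.7" >&2; exit 1; }
#   ldapi_tunnel 9696 someuser@ldapserver /var/run/ldapi &
#   # then point Directory Studio at ldap://localhost:9696 (no TLS on this hop;
#   # the ssh session is what protects the traffic to the server).
```

Note that the hop between Directory Studio and localhost:9696 is plain LDAP; that is fine only because it never leaves the loopback interface, which is why forward_spec refuses to emit anything other than a 127.0.0.1 bind.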