Enable TLS - TremoloSecurity/MyVirtualDirectory GitHub Wiki

Connecting to a TLS enabled directory

  1. Get either the CA certificate that signs the certificate used by your directory or the directory's own certificate (the CA certificate is preferable, since it keeps working when the directory's certificate is renewed)
  2. Create a keystore containing that certificate
  3. Add the keystore as the trust store for MyVD
  4. Configure the LDAP insert to use LDAPS

Create the trust store

Assuming the certificate is in PEM format:

$ keytool -import -keystore /path/to/myvd/conf/myvd-server.ks -alias mycert -file /path/to/cert.pem -trustcacerts

The same command works if the certificate is a binary .cer or .der file, because keytool's -import (-importcert) detects the PEM or DER encoding itself (the -rfc flag only affects export output and has no effect on import):

$ keytool -import -keystore /path/to/myvd/conf/myvd-server.ks -alias mycert -file /path/to/cert.cer -trustcacerts

Make sure to change the alias to something descriptive for the certificate. keytool prompts for the keystore password (and creates the keystore if it does not exist yet); when importing a CA certificate it also prints the certificate's fingerprint and asks whether to trust it, so compare that fingerprint with the one the directory's administrators publish before answering yes.
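Step 1 above does not say how to obtain the certificate. The script below is an added example for this page, not part of MyVD or its tooling: it pulls the chain the directory presents on its LDAPS port with openssl, splits it into one PEM file per certificate, prints each certificate's fingerprint for verification, and imports the chosen one into the MyVD trust store under a descriptive alias. It assumes openssl and keytool are on PATH; the host, keystore password and alias are placeholders.

```shell
#!/bin/sh
# Added example for the MyVD "Enable TLS" page; not MyVD's own tooling.
# Assumes openssl and keytool (from the JDK) are on PATH. Host, keystore
# password and alias names below are placeholders to replace.

# Fetch the certificate chain the directory presents on its LDAPS port.
fetch_chain() {
    host=$1
    port=${2:-636}
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
        </dev/null 2>/dev/null
}

# Split a PEM bundle on stdin into cert1.pem, cert2.pem, ... under $1, in the
# order the server sent them (leaf first), and print how many were written.
split_pem_chain() {
    outdir=$1
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert" n ".pem" }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
        END                           { print n + 0 }
    '
}

# Print subject, issuer and SHA-256 fingerprint of each split certificate so
# the fingerprint can be checked against what the directory admins publish
# before anything is trusted.
show_fingerprints() {
    for f in "$1"/cert*.pem; do
        openssl x509 -in "$f" -noout -subject -issuer -fingerprint -sha256
    done
}

# Import one certificate into the MyVD trust store under a descriptive alias
# (creating the keystore if needed), then list the alias to confirm it is
# there. -noprompt skips keytool's interactive confirmation, so only call
# this after show_fingerprints has been checked by a human.
import_cert() {
    keystore=$1; storepass=$2; alias=$3; certfile=$4
    keytool -importcert -noprompt -trustcacerts \
        -keystore "$keystore" -storepass "$storepass" \
        -alias "$alias" -file "$certfile"
    keytool -list -keystore "$keystore" -storepass "$storepass" -alias "$alias"
}

# Constructed two-certificate bundle (fake base64 bodies, not real
# certificates) used to exercise split_pem_chain without network access.
SAMPLE_BUNDLE='-----BEGIN CERTIFICATE-----
MIIBc29tZS1sZWFmLWNlcnQtYm9keQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBc29tZS1jYS1jZXJ0LWJvZHk=
-----END CERTIFICATE-----'

# Typical run against a real directory (left as comments so the file can be
# sourced offline):
#   fetch_chain myserver.domain.com 636 | split_pem_chain /tmp/ad-chain
#   show_fingerprints /tmp/ad-chain
#   import_cert /path/to/myvd/conf/myvd-server.ks changeit ad-issuing-ca /tmp/ad-chain/cert2.pem
```

The last certificate in the split output is usually the issuing CA, but servers are not required to send the root, so read the issuer line from show_fingerprints and pick the certificate whose subject matches the issuer of the leaf (or obtain the root from the directory's administrators). Importing that CA rather than the leaf keeps MyVD working when the directory's certificate is renewed.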

Update myvd.conf

Set the configuration parameter "type" on your LDAP insert to ldaps and the port to 636 (or whichever port your directory serves LDAPS on). Without this, the proxy bind using proxyDN/proxyPass, and every user bind password MyVD forwards to the directory, cross the network in cleartext. Note that proxyPass is stored in cleartext in myvd.conf (the value "manager" below is only a placeholder), so restrict read access to that file:

server.ad.chain=objmap,membertrans,LDAP
server.ad.nameSpace=o=ad
server.ad.weight=0
server.ad.objmap.className=net.sourceforge.myvd.inserts.mapping.AttributeValueMapper
server.ad.objmap.config.mapping=objectClass.posixAccount=user,objectClass.posixGroup=group
server.ad.membertrans.className=net.sourceforge.myvd.inserts.mapping.AttributeMapper
server.ad.membertrans.config.mapping=uniqueMember=member,uid=samAccountName
server.ad.LDAP.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.ad.LDAP.config.host=myserver.domain.com
server.ad.LDAP.config.port=636
server.ad.LDAP.config.remoteBase=DC=test,DC=mydomain,DC=com
server.ad.LDAP.config.proxyDN=CN=admin,DC=test,DC=mydomain,DC=com
server.ad.LDAP.config.proxyPass=manager
server.ad.LDAP.config.passBindOnly=true
server.ad.LDAP.config.ignoreRefs=true
server.ad.LDAP.config.type=ldaps