How to set up Conferencing to use LDAP over SSL with a Certificate

  • 3769737
  • 01-Feb-2008
  • 27-Apr-2012

Environment

Products:
Novell Teaming + Conferencing
Novell SUSE Linux Enterprise Server 10 Support Pack 1

Situation

Purpose:
How to set up Conferencing to use LDAP over SSL with a Certificate
Symptoms:
ERROR: "faultCode -1, faultString LDAP synchronization failed" while running "./ldap-sync.sh webportalURL"

Resolution

Corrective Actions:
Follow the steps listed below to export the LDAP certificate in Base64 format:
1. Launch ConsoleOne
2. Browse to the container where the NCP server object resides that corresponds to the LDAP server
3. Right Click on the "LDAP Server - NameOfTheServer" object and click Properties
4. Click the SSL/TLS Configuration tab
5. Note what object is specified in the "Server Certificate" field
NOTE: If a certificate is not specified, select one and then refresh the LDAP server. Make sure the TLS (SSL) Port is set to 636
6. Click Apply and Close if changes were made or click Cancel if no changes were made
7. Right Click on the object that was noted in step 5 corresponding to that server and Click Properties
8. Click Certificates | Trusted Root Certificate tab
9. Click Validate to make sure that the Certificate is valid and click OK
10. Click Export
11. Select No on "Do you want to export the private key with the certificate?" and click Next
12. Select "File in Base64 format" (It is important to use the Base64 format)
13. Change the Filename to C:\ldap-ca.cer (on Windows) or /tmp/ldap-ca.cer (on Linux) and click Next
14. Click Finish
15. Click Cancel to exit out of the Properties of the object
16. Copy the exported ldap-ca.cer to the installation directory of Conferencing and run ./install.sh, making sure to type ldaps://ipAddressOfLDAPServer:636 when it asks for the LDAP information
OR
16. If Conferencing has already been installed, copy the exported ldap-ca.cer to /opt/iic/conf and modify the /opt/iic/conf/ldap.xml file with the following information:
<cacertfile>/opt/iic/conf/ldap-ca.cer</cacertfile>
After making the above changes, type "/etc/init.d/iicaddress stop" and "/etc/init.d/iicaddress start" and then follow the steps listed below
a. Type cd /opt/iic/bin and press Enter
b. Type "./ldap-sync.sh webportalURL" and press Enter
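
The following pre-flight check is an added example, not part of the original Novell procedure. It confirms that the exported file is Base64 text with no private key (steps 11 and 12) and that the LDAP server's certificate chain verifies against it on port 636. The function names and the script name check-ldap-ca.sh are hypothetical, and the network step assumes the openssl command is installed on the Conferencing server.

```shell
#!/bin/sh
# Added example (not Novell's script). Function names are hypothetical.

# Print the encoding of an exported certificate file and return 0 only when
# it is Base64 (PEM) text that carries no private key. This inspects the
# framing lines only; openssl parses the certificate in the next function.
cert_file_format() {
    f=$1
    if [ ! -r "$f" ]; then
        echo "missing"; return 1
    fi
    # Step 11: the export must not include the private key.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo "has-private-key"; return 1
    fi
    # Step 12: a Base64 export is text framed by these two marker lines.
    # A binary (DER) export has neither. No "$" anchor is used, so files
    # with CRLF line endings from a Windows export still match.
    if grep -q -- '^-----BEGIN CERTIFICATE-----' "$f" &&
       grep -q -- '^-----END CERTIFICATE-----' "$f"; then
        echo "base64"; return 0
    fi
    echo "not-base64"; return 1
}

# Connect to the TLS (SSL) port from step 5 and succeed only if openssl
# reports the server's chain as verified with the exported root loaded
# through -CAfile.
ldaps_chain_verifies() {
    host=$1; cafile=$2
    openssl s_client -connect "$host:636" -CAfile "$cafile" </dev/null 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'
}

# Usage: sh check-ldap-ca.sh ipAddressOfLDAPServer /opt/iic/conf/ldap-ca.cer
if [ "$#" -eq 2 ]; then
    fmt=$(cert_file_format "$2") || { echo "certificate file: $fmt" >&2; exit 1; }
    ldaps_chain_verifies "$1" "$2" || { echo "chain did not verify" >&2; exit 1; }
    echo "ok: $2 is Base64 and verifies $1:636"
fi
```

If the file is reported as not-base64 or has-private-key, repeat the export from step 10 before running ./ldap-sync.sh again.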