i hope some LDAP Authenticator (free) Programmer or Expert can help me. Currently we Authenticate our Users via LDAP on Port 389 (without encryption). This works wonderful. Our XWIKI version is. 11.10.10.
Now we must reconfigure our LDAP Authenticator so it will Encrypt the LDAP-Communication
For this there are 2 Ways how it can achieved:
1.) Use LDAP via Port 389 with SASL and LDAP Encryption or (the Better Way):
2.) Use LDAPs via Port 636
Now my Questions:
To the Point 1 i culdn´t find a thing in the Info-Site https://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/ how to activate this. Ist that Maybe default activated?
To Point 2 (Use LDAPs via Port 636) had i tried to reconfigure the xwiki.cfg with this Parameters:
changed: xwiki.authentication.ldap.port=636 (from 389)
and added the line: xwiki.authentication.ldap.ssl=1
But Unfortunatelly with this Parameters LDAPs didn´t work (no Login possible).
I reconfigured other Applications, and they work fine.
Maybe a hint:
On this Site (https://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/) is explained that i must additinal add a Keystore File (Truststore). But is that really necessary? Other Linux-Applications don´t need that. And for my colleagues i will implement that so easy as possible. Not that someone exchanges the certificate on the Domaincontrollers and doesn’t think about to change it on the XWiki Server.
I thank you very much for your help.
With best regards