grouper-users - Re: [grouper-users] SASL TLS/EXTERNAL in grouper-loader.properties

Subject: Grouper Users - Open Discussion List

  • From: Francesco Malvezzi <>
  • To: Chris Hyzer <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] SASL TLS/EXTERNAL in grouper-loader.properties
  • Date: Fri, 20 Sep 2013 17:02:36 +0200
  • Unimore-x-sa-score: -1.2

On 10/09/2013 22:01, Chris Hyzer wrote:
> For these three configs:
>
> ldap.personAuthLdap.pemCaFile=/etc/ssl/certs/tcs-chain.pem
> ldap.personAuthLdap.pemCertFile=/etc/ssl/certs/grouper.pem
> ldap.personAuthLdap.pemKeyFile=/opt/grouper/conf/grouper.key
>
> Did you see those options in an example config file, or just type
> them in? I don't think they are valid configs...
>
> You can put this in (in 2.1.4+):
>
> ldap.personLdap.configFileFromClasspath = ldap.personLdap.properties
>
> And put any vt-ldap configs in there... does it work? If not, what
> version of Grouper do you have, can you upgrade to the latest?


It works. Just for reference, the property file should look like:

edu.vt.middleware.ldap.ldapUrl=ldap://ldap.example.org:389/dc=example,dc=org
edu.vt.middleware.ldap.tls=true
edu.vt.middleware.ldap.authtype=EXTERNAL
edu.vt.middleware.ldap.sslSocketFactory=edu.vt.middleware.ldap.ssl.TLSSocketFactory{edu.vt.middleware.ldap.ssl.KeyStoreCredentialConfig{{keyStore=file:/opt/grouper/grouper.keystore}{keyStoreType=JKS}{keyStorePassword=secret}}}

By the way (not tried), if I had put the following in ./bin/setenv.sh:
GSH_JVMARGS="-Djavax.net.ssl.keyStore=$PATH_TO/my.keystore
-Djavax.net.ssl.keyStorePassword=secret"
maybe it could have just worked by simply adding the line:

ldap.personAuthLdap.authtype=EXTERNAL

to grouper-loader.properties (who knows?)

Thank you,

Francesco
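
A small consistency check for the vt-ldap properties file quoted in the message above, as an added example that is not part of the original message and not Grouper or vt-ldap code. The function names (`parse_properties`, `keystore_settings`, `audit`) are hypothetical, the sample input is constructed from the lines in the message, and only plain `key=value` property lines are handled.

```python
import re

# Constructed sample: the four property lines from the message above.
SAMPLE = """\
edu.vt.middleware.ldap.ldapUrl=ldap://ldap.example.org:389/dc=example,dc=org
edu.vt.middleware.ldap.tls=true
edu.vt.middleware.ldap.authtype=EXTERNAL
edu.vt.middleware.ldap.sslSocketFactory=edu.vt.middleware.ldap.ssl.TLSSocketFactory{edu.vt.middleware.ldap.ssl.KeyStoreCredentialConfig{{keyStore=file:/opt/grouper/grouper.keystore}{keyStoreType=JKS}{keyStorePassword=secret}}}
"""

PREFIX = "edu.vt.middleware.ldap."

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first '=' only: values such as the LDAP URL contain '='.
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def keystore_settings(factory_value):
    """Extract the innermost {name=value} pairs from the sslSocketFactory string."""
    return dict(re.findall(r"\{(\w+)=([^{}]*)\}", factory_value))

def audit(text):
    """Return a list of findings for a SASL EXTERNAL configuration."""
    props = parse_properties(text)
    get = lambda name: props.get(PREFIX + name, "")
    ks = keystore_settings(get("sslSocketFactory"))
    findings = []
    if get("authtype").upper() == "EXTERNAL":
        # EXTERNAL takes the identity from the TLS layer, so an ldap:// URL
        # needs StartTLS (tls=true) and a keystore holding the client certificate.
        if get("ldapUrl").lower().startswith("ldap://") and get("tls").lower() != "true":
            findings.append("EXTERNAL over ldap:// without tls=true: no client certificate is presented")
        if "keyStore" not in ks:
            findings.append("no keyStore configured for the client certificate")
    if "keyStorePassword" in ks:
        findings.append("keyStorePassword is stored in clear text: restrict read access to this file")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```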



