Creating an SSL Certificate to Work with the LDAP Functions that Require Passwords (Magic xpa 4.x)

Created by: Salesforce Service User
Approval process status: Published

Objective

The LDAP functions that add, modify or delete users and therefore have to send a password to the LDAP server will not work over a plain (unencrypted) LDAP connection: Active Directory only accepts password values over an encrypted session. These functions require an SSL session with the server, and for the client to establish that session it needs a certificate database in which the server's certificate, or the CA that issued it, is trusted.

Solution

When using an LDAP function that requires the SSL session:

  1. Enable LDAP over SSL (LDAPS) on your Active Directory server. This requires a server certificate issued to the domain controller by a CA; that CA's certificate is what the client must trust in step 3.

  2. Add the ssl:// prefix to the server address in the LDAPConnect function (port 636, the default LDAPS port, is then used). The address must match the name in the server's certificate, which normally means the host name the certificate was issued for rather than an IP address.

  3. Create the certificate database files (cert7.db, key3.db and secmod.db) in one of two ways:

A. Using the Netscape (NSS) DLLs

    1. Export the certificate of the CA that issued the LDAP server's certificate in base-64 encoded format to a file, for example, certnew.cer.

    2. Download the NSS and NSPR packages from the following links:

https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_3_2_RTM/WINNT4.0_OPT.OBJ/nss-3.3.2.zip

https://ftp.mozilla.org/pub/nspr/releases/v4.2/WINNT4.0_OPT.OBJ/nspr-4.2.zip

      These old releases are used deliberately: Magic xpa expects the cert7.db database format, while newer NSS releases create cert8.db or cert9.db instead.

    3. Unpack both packages and copy nspr-4.2/lib/*.dll and nss-3.3.2/lib/*.dll to nss-3.3.2/bin.

      This is necessary because the NSS tools depend on the NSPR DLLs to run.

    4. Copy the certnew.cer certificate to the bin directory of the extracted NSS package.

    5. Run certutil.exe to initialize a new, empty certificate database. This generates the cert7.db and key3.db files.

    6. Run the command below to add the certnew.cer certificate to cert7.db as a trusted CA:

      D:\KB\Enabling LDAP over SSL\nss-3.3.2\bin\certutil.exe -A -n "CACertDWOrg" -t "C,," -a -i .\certnew.cer -d C:\

      Here -n sets the nickname under which the certificate is stored, -t "C,," marks it as a trusted CA for SSL server certificates only (no e-mail or object-signing trust), -a indicates that the input file is base-64 (ASCII) encoded, and -d C:\ is the directory that holds the database files.

    7. You should now have the cert7.db, key3.db and secmod.db files in the root of C:\.

    8. Copy the cert7.db, key3.db and secmod.db files from the root of C:\ to the Magic xpa root directory.

      Refer also to: http://newzbie.blogspot.co.il/2013/06/create-cert7db-and-key3db-for-enabling.html
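The whole of method A as one Windows command script, including the checks a practitioner would want before copying the database into the Magic xpa directory. This is an added example, not a script from the original article or from Magic Software. It assumes the zip files were unpacked under D:\KB\Enabling LDAP over SSL (the path used in the command above), writes the database to C:\nssdb rather than the root of C:\, and the Magic xpa installation path, the certutil -N initialization step (the article does not reproduce its command) and the verification with certutil -L are this example's own choices.

```batch
@echo off
setlocal

REM Assumed paths; adjust to where the NSS/NSPR zips were unpacked and where Magic xpa is installed.
set "NSS_HOME=D:\KB\Enabling LDAP over SSL\nss-3.3.2"
set "NSPR_HOME=D:\KB\Enabling LDAP over SSL\nspr-4.2"
set "CA_CERT=%NSS_HOME%\bin\certnew.cer"
set "DBDIR=C:\nssdb"
set "MAGIC_ROOT=C:\Magic xpa 4.x"
set "NICK=CACertDWOrg"

REM 1. certutil.exe needs the NSS and NSPR DLLs in its own directory.
copy /Y "%NSPR_HOME%\lib\*.dll" "%NSS_HOME%\bin\" >nul || goto :fail
copy /Y "%NSS_HOME%\lib\*.dll" "%NSS_HOME%\bin\" >nul || goto :fail

REM 2. The exported CA certificate must be base-64 encoded, not DER:
REM    the -a option below expects the "-----BEGIN CERTIFICATE-----" armour.
findstr /C:"-----BEGIN CERTIFICATE-----" "%CA_CERT%" >nul || (
    echo %CA_CERT% is not base-64 encoded. Re-export it as "Base-64 encoded X.509".
    goto :fail
)

REM 3. Create an empty certificate/key database (cert7.db, key3.db, secmod.db).
REM    certutil -N prompts for a key-database password; the client only verifies
REM    the server certificate and stores no private key, so it is not used later.
if not exist "%DBDIR%" mkdir "%DBDIR%"
"%NSS_HOME%\bin\certutil.exe" -N -d "%DBDIR%" || goto :fail

REM 4. Import the CA certificate with trust flags "C,,": trusted CA for SSL server
REM    certificates only (no e-mail or object-signing trust).
"%NSS_HOME%\bin\certutil.exe" -A -n "%NICK%" -t "C,," -a -i "%CA_CERT%" -d "%DBDIR%" || goto :fail

REM 5. Verify: the nickname must appear in the certificate list, and all three
REM    database files must exist before anything is copied to Magic xpa.
"%NSS_HOME%\bin\certutil.exe" -L -d "%DBDIR%" | findstr /C:"%NICK%" >nul || goto :fail
for %%F in (cert7.db key3.db secmod.db) do (
    if not exist "%DBDIR%\%%F" (
        echo Missing %DBDIR%\%%F
        goto :fail
    )
)

REM 6. Install the database in the Magic xpa root directory.
copy /Y "%DBDIR%\cert7.db" "%MAGIC_ROOT%\" >nul || goto :fail
copy /Y "%DBDIR%\key3.db" "%MAGIC_ROOT%\" >nul || goto :fail
copy /Y "%DBDIR%\secmod.db" "%MAGIC_ROOT%\" >nul || goto :fail

echo Certificate database created and installed in "%MAGIC_ROOT%".
exit /b 0

:fail
echo Failed at a previous step; see the messages above.
exit /b 1
```

Run the script from an elevated command prompt once the CA certificate has been exported. If the LDAPConnect call still fails afterwards, the usual causes are a server address that does not match the name in the server's certificate, or a certificate chain whose issuing CA is not the one imported; certutil -L -d C:\nssdb shows exactly which CA the database trusts and with which flags.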

B. Using the Netscape browser

  1. Download and install Netscape's 4.xx Web browser.

  2. Run the Netscape browser.

  3. Open the following URL: https://YourLDAPServer:sslport where:

  • YourLDAPServer – Your LDAP server address, provided as an IP address or a host name.

  • sslport – The port number used by your LDAP server to accept SSL connections (636 by default).

  4. The Netscape Certificate Assistant window opens. Follow the instructions provided there, and accept the server certificate for this and future sessions.

  5. Copy the cert7.db, key3.db and secmod.db files from the Netscape user profile directory to the Magic xpa root directory.

    Note that this method trusts only the specific server certificate you accepted, so the database must be recreated whenever the LDAP server's certificate is renewed, whereas method A trusts every server certificate issued by the CA. Since the Netscape 4.x browser has been unsupported for many years, method A is the preferable approach.

    Refer also to:

    http://www.ldapadministrator.com/forum/viewtopic.php?f=2&t=15&start=0

    http://www.wikihow.com/Establish-an-SSL-Connection-Using-LDAP-Browser-2.6
