Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Current »

To configure LDAPS, there are only a few differences compared to LDAP: you need to adjust the data source URL to LDAPS and make sure that the LDAPS server certificate is trusted in the java environment that starts the Tomcat. This can be used in Smart ID Identity Manager.

Step-by-step instruction

 Configure data source

Identity Manager allows to configure LDAP data sources (data pool and export configuration) either as LDAP or LDAPS (only for server-side authentication).

To set up an LDAPS data source:

  1. Follow the instruction to set up an LDAP data pool, with the following exceptions:
    1. In the URL, enter the prefix ldaps:// instead of ldap://.
    2. Check which port number is used for LDAPS in the customer environment. The default port for LDAPS is 636. If needed, add a port number in the URL.
  2. Follow the instruction to set up an export definition for LDAP, with the following exceptions:
    1. In the URL, enter the prefix ldaps:// instead of ldap://.
    2. Check which port number is used for LDAPS in the customer environment. The default port for LDAPS is 636. If needed, add a port number in the URL.
 Set the LDAPS server certificate as trusted

To configure LDAPS, the LDAPS server certificate must be trusted.

  • For docker:
    Add the certificate in the docker/compose/cacerts folder. Run docker compose down and docker compose up from within docker/compose/identitymanager/<webappname>/ for each Smart ID application so new containers are created.

  • For WAR file deployment:
    The certificate must be trusted in the java environment that starts the Tomcat.

    To set the LDAPS server certificate as trusted:

    1. Create a java truststore with the issuing CA cert or LDAPS server cert (X.509). If you are uncertain of which one to use, include both.
      See Configure HTTPS for Tomcat for keytool syntax.

      Note: In an Active Directory environment, the LDAPS server certificate is the Domain Controller certificate.

    2. Copy the new truststore to the Tomcat Application Server.

    3. Add the following parameters to the java startup configuration of the tomcat:

      Add parameters
      Djavax.net.ssl.trustStore=c:\myCerts\myTruststore.jks
Djavax.net.ssl.trustStorePass=123456
    4. Restart the Tomcat.

Example of Tomcat startup parameters:

Additional information

  • No labels

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions