Changes between Version 25 and Version 26 of ConnectorsSetup


Ignore:
Timestamp:
07/31/13 14:31:22 (11 years ago)
Author:
dabantz@…
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • ConnectorsSetup

    v25 v26  
    6060 
    6161  }}} 
     62 
     63For multiple server instances to provide connection fail-over, or simply to avoid importing and maintaining relatively short-lived server certificates, trust the issuing CA's certificate: 
     64 {{{ 
     65 
     66// UA AD Auth 
     67   edu.vt.middleware.ldap.jaas.LdapLoginModule sufficient 
     68      ldapUrl="ldap://fbk-adua02.ua.ad.alaska.edu:3268 ldap://fbk-adua03.ua.ad.alaska.edu:3268" 
     69      baseDn="dc=ua,dc=ad,dc=alaska,dc=edu" 
     70      bindDn="cn=uashib,ou=uaf_service,ou=uaf,dc=ua,dc=ad,dc=alaska,dc=edu" 
     71      bindCredential="lkjhyuio87" 
     72      subtreeSearch="true" 
     73// Directly reference imported certificate for CA used to create/sign UA AD server certs  
     74      sslSocketFactory="{trustCertificates=file:/opt/shibboleth-idp/trustedservercerts/UA_AD_CA.pem}" 
     75      ssl="false" 
     76      tls="true" 
     77      userField="sAMAccountName,uaIdentifier"; 
     78 
     79 }}} 
    6280 (2.2) Configure the Data Connectors in '$IDP_HOME''/conf/attribute-resolver.xml to use StartTLSTrustCredential.  https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverLDAPDataConnector 
    6381(additional input from Nate Klingenstein <Nate Klingenstein <ndk@internet2.edu> 2013-06-04):