Connecting Spotfire Data Science to LDAPS (secure LDAP)


Article ID: KB0082625


Product: Spotfire Data Science
Versions: 6.x

Description

Connecting Spotfire Data Science to LDAPS (secure LDAP)


Resolution

1. Enabling a regular (non-secure) LDAP connection is covered in "Enable LDAP Authentication".

2. To enable LDAPS, apply the steps from the above link and then do the following:

   a) In the $CHORUS_HOME/shared/ldap.properties file, switch the value of the "ldap.start_tls" parameter from false to true.

   b) In the $CHORUS_HOME/releases/<6.2.1...release_number>/components/authentication/app/services/authentication/ldap_client.rb file, replace this line (at around line number 303):

      ldap_args[:encryption] = :start_tls if config['start_tls'].present?

      with this:

      ldap_args[:encryption] = {
        :method => :simple_tls
      }

3. If you are using a self-signed certificate, navigate to the /etc/pki/ca-trust/source/anchors/ directory of your Spotfire Data Science server (or whichever is the default certificate location for your OS distribution), copy the certificate (the .pem file) into this directory, and run these commands:

      update-ca-trust enable; update-ca-trust extract; update-ca-trust;

4. After making all of the above changes, restart Spotfire Data Science.

Additional Information

For more information, please refer to these pages:

https://www.happyassassin.net/2015/01/14/trusting-additional-cas-in-fedora-rhel-centos-dont-append-to-etcpkitlscertsca-bundle-crt-or-etcpkitlscert-pem/

http://stackoverflow.com/questions/22509271/import-self-signed-certificate-in-redhat/31124750#31124750

https://www.cyberciti.biz/faq/verify-ssl-certificate-openssl/

https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap.rb
 

If you would like to verify that you have a correct .pem file, you can use a command like this by pointing to the actual .pem file:

openssl verify /etc/pki/tls/certs/Alpine-CA.pem
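
Going one step beyond checking the .pem on its own, the following added example (not part of the original article or of Spotfire Data Science) uses Ruby's standard openssl library to check that an LDAPS server certificate actually chains to the anchor file installed in step 3. All names, subjects and certificates in it are hypothetical and generated at run time; in practice you would pass the contents of your own .pem files.

```ruby
require 'openssl'

# Returns the reasons the LDAPS server certificate (server_pem) would fail to
# validate against the trust anchor file (anchor_pem); empty means it chains.
def anchor_problems(anchor_pem, server_pem, now = Time.now)
  begin
    anchor = OpenSSL::X509::Certificate.new(anchor_pem)
    server = OpenSSL::X509::Certificate.new(server_pem)
  rescue OpenSSL::X509::CertificateError => e
    return ["not a PEM certificate: #{e.message}"]
  end
  problems = []
  unless (anchor.not_before..anchor.not_after).cover?(now)
    problems << 'anchor outside its validity period'
  end
  store = OpenSSL::X509::Store.new # empty store: trusts only what we add
  store.add_cert(anchor)
  store.time = now
  unless store.verify(server)
    problems << "server certificate rejected: #{store.error_string}"
  end
  problems
end

# Builds a constructed certificate; self-signed when no issuer is given.
def make_cert(subject, key, issuer = nil, issuer_key = key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 86_400
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed samples: a private CA, a server certificate it issued, and an unrelated CA.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert('/CN=Constructed Example CA', CA_KEY, ca: true)
SERVER_CERT = make_cert('/CN=ldap.example.test', OpenSSL::PKey::RSA.new(2048), CA_CERT, CA_KEY)
OTHER_CA = make_cert('/CN=Other Constructed CA', OpenSSL::PKey::RSA.new(2048), ca: true)

puts "right anchor: #{anchor_problems(CA_CERT.to_pem, SERVER_CERT.to_pem).inspect}"
puts "wrong anchor: #{anchor_problems(OTHER_CA.to_pem, SERVER_CERT.to_pem).inspect}"
```

A "server certificate rejected" result for your real files means the .pem copied into the anchors directory is not the certificate (or issuing CA) that the LDAP server presents.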