
Configuring IBM P8 to use LDAP over SSL with Active Directory

I am hoping someone can help me out with a frustrating configuration problem I'm having with IBM FileNet Content Manager 5.2.1 (aka P8 5.2.1).

We have an existing system setup that uses Microsoft Active Directory as our LDAP directory service for P8 and that has worked fine to date. That said, we are now wanting our .NET apps to talk to P8 (via the Content Platform Engine .NET API) using WCF instead of legacy (and now deprecated) WSE but we have run into a problem. WCF requires that all communication occur over SSL - on the surface, not a problem. If you want to talk to the IBM Content Platform Engine (CPE) over SSL however, according to IBM's documentation, you must also change the underlying default LDAP connection from unsecured to SSL as well (in the process, changing LDAP to use port 636 instead of 389).

Following both Microsoft's and IBM's docs, I first enabled LDAP over SSL on Active Directory and tested accordingly. Using Microsoft's LDAP utility, ldp.exe, I can successfully connect and bind to Active Directory on port 636 over SSL.

The next step however is where I hit a wall - Enabling SSL for Content Platform Engine. I followed all the steps involving adding the Active Directory Server's CA certificate to the CPE's application server keystore - no problem. The next step in the configuration instructions however asks you to start the Administration Console for CPE (ACCE) and reconfigure the directory configuration properties - telling it to use SSL on port 636 and... KABOOM! When I attempt to save the configuration, the save fails, stating

An unexpected exception occurred. Message was: Failed connecting to ldap://ad1.domain.com:636

Unfortunately, I can't find any additional info as to why it failed to connect - I assumed it was due to something minor, such as a port conflict. To test that theory, I installed Microsoft's LDAP test utility on the CPE server and attempted to connect to the Active Directory Server over SSL on port 636. Much to my surprise, that worked just fine - grrrr...

I am now at something of a loss as to what to look at next. Anybody out there with experience configuring CPE to use SSL in an Active Directory environment?

Thanks in advance for any-and-all assistance.

WCF requires that all communication occur over SSL - on the surface, not a problem. If you want to talk to the IBM Content Platform Engine (CPE) over SSL however, according to IBM's documentation, you must also change the underlying default LDAP connection from unsecured to SSL as well

This is not true. FileNet can work with non-secure LDAP, while at the same time working with WCF.

Now, if you would like to solve why FileNet will not connect to a secure LDAP, then you should start with your WebSphere. Check WebSphere's keystores to ensure that the AD's key is contained. Follow @M.Tamboli's advice and restart WebSphere. Also make sure that you check WebSphere's SystemOut.log logs, as you may find more info in there.

I'm not sure if it is necessary, but you may also want to add/change the LDAP config that is setup within WebSphere itself.
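As an added example that is not part of the question or the answer, the following Java program performs the two checks the answer recommends against the LDAPS endpoint named in the question: it lists the CA certificates present in the truststore the JVM is pointed at, then opens an SSL JNDI connection and prints the full cause chain, which is the detail the "Failed connecting" message omits. The truststore path and password are placeholders; the host ad1.domain.com and port 636 come from the question.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
// Checks the truststore for the AD CA, then opens an LDAPS connection the way a JVM
// would and prints the full cause chain that CPE's "Failed connecting" message hides.
public class LdapsCheck {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "ad1.domain.com";           // host from the question
        String trustStore = args.length > 1 ? args[1] : "/path/to/trust.p12"; // placeholder path
        String storePass = args.length > 2 ? args[2] : "changeit";            // placeholder password
        // Use the same truststore as the application server so a trust failure reproduces here.
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", storePass);
        listTrustedCas(trustStore, storePass);
        tryLdaps(host, 636);
    }
    // Step 1: confirm the AD CA certificate is actually present in the truststore.
    static void listTrustedCas(String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pass.toCharArray()); }
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (ks.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.println("trusted: " + alias + " -> " + c.getSubjectX500Principal());
            }
        }
    }
    // Step 2: open an SSL-protected JNDI connection and unwrap any failure to its root cause.
    static void tryLdaps(String host, int port) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":" + port);
        env.put(Context.SECURITY_AUTHENTICATION, "none"); // anonymous: only the TLS handshake is under test
        try {
            new InitialDirContext(env).close();
            System.out.println("TLS handshake and LDAP connect OK");
        } catch (NamingException ne) {
            for (Throwable t = ne; t != null; t = t.getCause()) {
                System.out.println("cause: " + t.getClass().getName() + ": " + t.getMessage());
            }
        }
    }
}
```

Run it on the CPE server with the same JDK and truststore the application server uses; a cause line containing "PKIX path building failed" means that store still does not trust the certificate AD presents.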
