Integrating Dockerized Grouper (2.5) with OpenLdap using SASL EXTERNAL bind with a Keystore
- Generate a JKS or PKCS12 keystore with valid keys and certificates. The example uses a .p12 (PKCS #12) keystore file.
- Put the keystore in /opt/grouperContainer/opt/grouper/grouperWebapp/WEB-INF/classes/
  ...or wherever you want to put it by other means. We created a separate mount and put it in /opt/grouper.
- Put this into the grouper-loader.properties overlay:
  ldap.personLdap.url = ldap://<yourldaphostname>.edu
  ldap.personLdap.configFileFromClasspath = ldap.personLdap.properties
(this assumes you’re using ‘personLdap’ as the ldapServerId.value in subject.properties)
- Put this into ldap.personLdap.properties:
  org.ldaptive.ldapUrl=ldap://<yourldaphostname>.edu
  org.ldaptive.useStartTLS=true
  org.ldaptive.bindSaslConfig={mechanism=EXTERNAL}
  org.ldaptive.credentialConfig=org.ldaptive.ssl.KeyStoreCredentialConfig{{keyStore=file:/<path_to_file>/grouper.p12}{keyStoreType=pkcs12}{keyStorePassword=<secret>}}
- The rest should be the normal LDAP integration.
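As an added preflight check (not part of the original page or of Grouper/ldaptive), the script below parses the ldap.personLdap.properties file above, expands ldaptive's nested "Class{{key=value}...}" object syntax, and reports the settings that would stop a SASL EXTERNAL bind from presenting the keystore's client certificate. The sample config is constructed with placeholder values (ldap.example.edu, /opt/grouper/grouper.p12, password "changeit").

```python
import re

OBJ_RE = re.compile(r"^(?P<cls>[\w.]+)\{(?P<body>(?:\{[^{}]*\})+)\}$")  # ldaptive "Class{{k=v}{k=v}}"

# Constructed sample of ldap.personLdap.properties; hostname, path and password are made up.
SAMPLE = """\
org.ldaptive.ldapUrl=ldap://ldap.example.edu
org.ldaptive.useStartTLS=true
org.ldaptive.bindSaslConfig={mechanism=EXTERNAL}
org.ldaptive.credentialConfig=org.ldaptive.ssl.KeyStoreCredentialConfig{{keyStore=file:/opt/grouper/grouper.p12}{keyStoreType=pkcs12}{keyStorePassword=changeit}}
"""

def parse_props(text):
    """Java .properties subset: one key=value per line, '#'/'!' comments and blanks ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def parse_object(value):
    """Split "Class{{a=b}{c=d}}" into ("Class", {"a": "b", "c": "d"})."""
    m = OBJ_RE.match(value)
    if not m:
        raise ValueError("not an ldaptive object value: " + value)
    pairs = (p.split("=", 1) for p in re.findall(r"\{([^{}]*)\}", m.group("body")))
    return m.group("cls"), {k.strip(): v.strip() for k, v in pairs}

def check_sasl_external(props):
    """Return the problems that would stop a SASL EXTERNAL bind backed by a client certificate."""
    problems = []
    url = props.get("org.ldaptive.ldapUrl", "")
    if url.startswith("ldap://") and props.get("org.ldaptive.useStartTLS", "").lower() != "true":
        problems.append("ldap:// without useStartTLS=true: no TLS handshake, so no client cert is sent")
    if "mechanism=EXTERNAL" not in props.get("org.ldaptive.bindSaslConfig", ""):
        problems.append("bindSaslConfig does not select mechanism=EXTERNAL")
    cred = props.get("org.ldaptive.credentialConfig")
    if not cred:
        return problems + ["no credentialConfig: nothing presents a client certificate"]
    cls, ks = parse_object(cred)
    if not ks.get("keyStore", "").startswith("file:"):
        problems.append("keyStore must be a file: URL pointing at the keystore")
    if ks.get("keyStoreType", "").lower() not in ("pkcs12", "jks"):
        problems.append("keyStoreType must be pkcs12 or jks")
    if ks.get("keyStorePassword", "") in ("", "<secret>"):
        problems.append("keyStorePassword is empty or still the <secret> placeholder")
    return problems
```

Run check_sasl_external(parse_props(open("ldap.personLdap.properties").read())) against the real file before starting the container; an empty list means the four settings are consistent with each other.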