Integrating Dockerized Grouper (2.5) with OpenLdap using SASL EXTERNAL bind with a Keystore

  1. Generate a JKS or PKCS12 keystore containing a valid private key and certificate chain. The example below uses a .p12 (PKCS #12) keystore file.
  2. Put the keystore in /opt/grouperContainer/opt/grouper/grouperWebapp/WEB-INF/classes/

    ...or wherever else you choose to put it. We created a separate mount and put it in /opt/grouper.

  3. Put this into the grouper-loader.properties overlay:

    ldap.personLdap.url = ldap://<yourldaphostname>.edu
    
    ldap.personLdap.configFileFromClasspath = ldap.personLdap.properties

    (this assumes you’re using ‘personLdap’ as the ldapServerId.value in subject.properties)

  4. Put this into ldap.personLdap.properties:

    org.ldaptive.ldapUrl=ldap://<yourldaphostname>.edu
    
    org.ldaptive.useStartTLS=true
    
    org.ldaptive.bindSaslConfig={mechanism=EXTERNAL}
    
    org.ldaptive.credentialConfig=org.ldaptive.ssl.KeyStoreCredentialConfig{{keyStore=file:/<path_to_file>/grouper.p12}{keyStoreType=pkcs12}{keyStorePassword=<secret>}}


  5. The rest of the configuration follows the normal LDAP integration.
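As an added example (not from the Grouper wiki or the ldaptive project), a small Python checker that reads an ldap.personLdap.properties file like the one in step 4, unpacks ldaptive's brace syntax, and flags settings that would break or weaken a SASL EXTERNAL bind: no TLS layer for the client certificate to travel over, a keyStoreType that disagrees with the keystore file extension, and an empty or default keystore password. The sample properties, host name, path and password are constructed.

```python
import re

# Constructed sample in the shape of the page's ldap.personLdap.properties.
SAMPLE = """\
org.ldaptive.ldapUrl=ldap://ldap.example.edu
org.ldaptive.useStartTLS=true
org.ldaptive.bindSaslConfig={mechanism=EXTERNAL}
org.ldaptive.credentialConfig=org.ldaptive.ssl.KeyStoreCredentialConfig{{keyStore=file:/opt/grouper/grouper.p12}{keyStoreType=pkcs12}{keyStorePassword=changeit}}
"""

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#'/'!' comments, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_braces(value):
    """Unpack ldaptive's 'Class{{k=v}{k=v}}' or '{k=v}' form into (class_or_None, {k: v})."""
    # Values that themselves contain braces (e.g. in a password) are not handled here.
    m = re.fullmatch(r"([\w.]*)\{(.*)\}", value)
    if not m:
        raise ValueError(f"not an ldaptive brace config: {value!r}")
    inner = m.group(2)
    parts = re.findall(r"\{([^{}]*)\}", inner) if inner.startswith("{") else [inner]
    return m.group(1) or None, dict(p.split("=", 1) for p in parts if "=" in p)

def check_external_bind(props):
    """Return a list of findings; an empty list means the file is consistent for EXTERNAL."""
    findings = []
    url = props.get("org.ldaptive.ldapUrl", "")
    starttls = props.get("org.ldaptive.useStartTLS", "false").lower() == "true"
    _, sasl = parse_braces(props.get("org.ldaptive.bindSaslConfig", "{}"))
    if sasl.get("mechanism") != "EXTERNAL":
        findings.append("bindSaslConfig mechanism is not EXTERNAL")
    # EXTERNAL authenticates with the TLS client certificate, so a TLS layer is mandatory.
    if not (url.startswith("ldaps://") or (url.startswith("ldap://") and starttls)):
        findings.append("EXTERNAL needs TLS: use ldaps:// or ldap:// with useStartTLS=true")
    _, ks = parse_braces(props.get("org.ldaptive.credentialConfig", "{}"))
    path = ks.get("keyStore", "")
    ext = path.rsplit(".", 1)[-1].lower()
    ks_type = ks.get("keyStoreType", "").lower()
    if (ks_type == "pkcs12") != (ext in ("p12", "pfx")):
        findings.append(f"keyStoreType {ks_type!r} does not match file extension .{ext}")
    if ks.get("keyStorePassword", "") in ("", "changeit"):
        findings.append("keyStorePassword is empty or a well-known default")
    return findings
```

Run `check_external_bind(parse_properties(open("ldap.personLdap.properties").read()))` against the overlay before starting the container; the sample above yields exactly one finding, for its default password.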