I’m trying to configure User Federation to a Novell eDirectory.
I have a certificate bundle from the eDirectory, and ldapsearch anonymous queries work after I imported the bundle on the test node:
ldapsearch -H ldaps://<hostname>:636 -x -b o=<o> "(cn=<username>)"
I created a trust store using keytool.
At first I tried using the container, and couldn’t get that to work, so I’m now trying on bare metal with OpenJDK 11.
After many attempts, here’s what I have currently:
bin/kc.sh start-dev --log-level debug --log file --log-file server.log.8 --spi-truststore-file-file /home/<username>/truststore.jks --spi-truststore-file-password=<password> --spi-truststore-file-hostname-verification-policy=ANY
“Test connection” reports success.
“Test authentication” fails.
In the logs:
2023-01-10 16:46:40,298 DEBUG [org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager] (executor-thread-2) Creating LdapContext using properties: [{java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldaps://<hostname>:636, java.naming.security.authentication=none, java.naming.ldap.factory.socket=org.keycloak.truststore.SSLSocketFactory}]
appears, with:
2023-01-10 16:46:41,919 ERROR [org.keycloak.services.managers.LDAPServerCapabilitiesManager] (executor-thread-2) Unknown bind DN
each time I try the test. This is with “Bind type” set to “none”.
If I try with “Bind type” set to “simple” with no credentials added, I see the same error in the logs.
It does appear the truststore I created is being used:
2023-01-10 16:46:13,285 DEBUG [org.keycloak.truststore.FileTruststoreProviderFactory] (main) Intermediate CA found in trustore : alias : <alias> | Subject DN : CN=<cn>, O=<o>
2023-01-10 16:46:13,311 DEBUG [org.keycloak.truststore.FileTruststoreProviderFactory] (main) File truststore provider initialized: /home/<username>/truststore.jks, Truststore type: JKS
This is with 20.0.2.
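Added example (not from the post or from Keycloak): a small Python checker that parses the `Creating LdapContext using properties` DEBUG line quoted above and reports whether the context would bind anonymously, whether it uses LDAPS, and whether it goes through the Keycloak truststore socket factory. The sample log lines are constructed from the ones in the post; the `java.naming.security.principal` key is the standard JNDI name for the bind DN and is assumed to appear in that logged map when one is configured.

```python
import re

# Constructed sample, modelled on the DEBUG line quoted in the post (placeholders kept).
SAMPLE_LOG_LINE = (
    "2023-01-10 16:46:40,298 DEBUG [org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager] "
    "(executor-thread-2) Creating LdapContext using properties: "
    "[{java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, "
    "java.naming.provider.url=ldaps://<hostname>:636, "
    "java.naming.security.authentication=none, "
    "java.naming.ldap.factory.socket=org.keycloak.truststore.SSLSocketFactory}]"
)

# The map is printed as [{key=value, key=value, ...}]; keys are dotted java.naming.* names.
CONTEXT_RE = re.compile(r"Creating LdapContext using properties: \[\{(.*)\}\]")
# Values may themselves contain ", " (a bind DN such as "cn=admin, o=acme"), so split on the
# next java.naming.* key rather than on every comma.
PROP_RE = re.compile(r"(java\.naming\.[\w.]+)=(.*?)(?=, java\.naming\.|$)")

KC_SOCKET_FACTORY = "org.keycloak.truststore.SSLSocketFactory"


def parse_ldap_context_props(line):
    """Return the JNDI properties Keycloak logged for the LdapContext, or None if absent."""
    m = CONTEXT_RE.search(line)
    if not m:
        return None
    return {key: value.strip() for key, value in PROP_RE.findall(m.group(1))}


def check_ldap_context(props):
    """Return a list of findings about the transport and bind mode of the logged context."""
    findings = []
    if not props.get("java.naming.provider.url", "").startswith("ldaps://"):
        findings.append("not LDAPS: a simple bind would send the credential in clear text")
    if props.get("java.naming.ldap.factory.socket") != KC_SOCKET_FACTORY:
        findings.append("Keycloak truststore socket factory not in use; JVM default trust applies")
    auth = props.get("java.naming.security.authentication", "simple")  # JNDI default is simple
    if auth == "none":
        findings.append("anonymous bind (authentication=none): no bind DN or credential is sent, "
                        "so no authenticated access is being exercised")
    elif not props.get("java.naming.security.principal"):
        findings.append("simple bind requested but no bind DN (principal) is present")
    return findings


if __name__ == "__main__":
    for finding in check_ldap_context(parse_ldap_context_props(SAMPLE_LOG_LINE)):
        print("finding:", finding)
```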