Question
Trying here to see if anyone has worked out LDAP auth against AD with Rundeck. I am using the JRE running method for Rundeck. Here is what I have done so far:
- I have set up jaas-ldap.conf as shown on the Rundeck "authenticating users" page.
- I have asked my admin for the SSL certificate. To use ldaps, Rundeck needs an SSL cert, or so it says on their site. Once I had the certificate, they mention these two steps:
Both options require importing a certificate. The following would import a certificate called AD.cert into /etc/rundeck/ssl/truststore.
keytool -import -alias CompanyAD -file AD.cert -keystore /etc/rundeck/ssl/truststore -storepass adminadmin
To add the certificate to the JRE, locate the file $JAVA_HOME/lib/security/cacerts and run
keytool -import -alias CompanyAD -file AD.cert -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit
To verify your CA has been added, run keytool -list and look for CompanyAD in the output.
keytool -list -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit
This is where I am running into an issue. I have imported my certificate into the Java truststore under $JAVA_HOME/lib/security/cacerts. The ssl.properties file also asks for keystore, keystore.password and key.password parameters. Now, am I supposed to create a new keystore, or omit these and just use the truststore variables?
I also tried creating a new keystore (.jks) and imported the same SSL certificate into it, setting keypass and storepass. This did not help. I am getting an error saying java.io.IOException: Keystore was tampered with, or password was incorrect.
I am deploying the jar with: java -Dloginmodule.conf.name=jaas-ldap.conf -Dloginmodule.name=ldap -Drundeck.ssl.config=ssl.properties -jar rundeck-launcher-2.6.4.jar
I'd appreciate help getting through this.
Recommended answer
There is no need to ask your admin for the SSL certificate. If your organization uses ldaps and the certificate installed on the ldap server is a self-signed cert which is not in your keystore, then you need to add the cert to your JVM keystore. Now, to get that certificate, run the query below:
openssl s_client -connect <ldapserver>:636
This will give some output with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Copy the text between these strings to a file ldap.cert.
keytool -import -alias CompanyAD -file ldap.cert -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit
If your keystore is tampered, you may probably have to reinstall Java in the system.
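The procedure in the answer (fetch the server's certificate with openssl s_client, cut out the PEM block, import it with keytool) scripted end to end, as an added example that is not part of the original answer. The hostname, truststore path, alias and password are placeholders, and the openssl output embedded below is constructed so the PEM extraction can be exercised offline; the fetch and import functions are the only parts that touch a live server or a keystore.

```shell
#!/bin/sh
# Added example: pull the LDAPS server certificate out of `openssl s_client`
# output and import it into a dedicated Rundeck truststore.

# extract_pem: read openssl s_client output on stdin and print only the FIRST
# PEM certificate block, markers included (keytool needs the BEGIN/END lines).
# With -showcerts the server sends the whole chain; block 0 is the leaf cert.
extract_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         /-----END CERTIFICATE-----/ { if (p) exit }'
}

# fetch_ldaps_cert <host> [port] [outfile]
# -servername sends SNI so a multi-name server returns the right cert;
# </dev/null closes the session as soon as the handshake has finished.
fetch_ldaps_cert() {
    host=$1; port=${2:-636}; out=${3:-ldap.cert}
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
        </dev/null 2>/dev/null | extract_pem > "$out"
    # Show what was captured before trusting it: subject, issuer, validity, fingerprint.
    openssl x509 -in "$out" -noout -subject -issuer -dates -fingerprint -sha256
}

# import_cert <truststore> <storepass> <alias> <pemfile>
# A separate truststore (e.g. /etc/rundeck/ssl/truststore) survives JRE
# upgrades, which replace $JAVA_HOME/lib/security/cacerts.
import_cert() {
    store=$1; pass=$2; alias=$3; pem=$4
    keytool -importcert -noprompt -alias "$alias" -file "$pem" \
        -keystore "$store" -storepass "$pass"
    # Confirm the alias is present; a wrong -storepass on an existing store is
    # what produces "Keystore was tampered with, or password was incorrect".
    keytool -list -keystore "$store" -storepass "$pass" -alias "$alias"
}

# Constructed sample of `openssl s_client -showcerts` output (two-cert chain);
# the base64 bodies are dummies, not real certificates.
SAMPLE_S_CLIENT_OUTPUT='CONNECTED(00000003)
depth=0 CN = ldap.example.internal
---
Certificate chain
 0 s:CN = ldap.example.internal
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
MIIBleafDUMMYBODY
-----END CERTIFICATE-----
 1 s:CN = Example Root CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
MIIBrootDUMMYBODY
-----END CERTIFICATE-----
---
Server certificate'

# Demo on the constructed sample only; no network or keytool involved.
printf '%s\n' "$SAMPLE_S_CLIENT_OUTPUT" | extract_pem

# Live usage (placeholders):
#   fetch_ldaps_cert ldap.example.internal 636 ldap.cert
#   import_cert /etc/rundeck/ssl/truststore adminadmin CompanyAD ldap.cert
```

Whether to trust the leaf certificate (block 0) or the issuing CA (block 1, visible only with -showcerts) is a design choice: the leaf pins one server and must be re-imported when it is renewed, while the CA keeps working across renewals but trusts everything that CA signs. Either way, compare the SHA-256 fingerprint printed by fetch_ldaps_cert with one obtained out of band from the directory team before importing, since the first connection has no way to tell a genuine self-signed certificate from an interposed one.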