VMware Cloud Community
rkrichevskiy
Enthusiast

Non-persistent LDAP client

Looking at sample workflows that came with AD plugin 3.0.2. Are they compatible with LDAPS? I couldn't get it to connect with SSL. It throws java.net.SocketException: Connection reset. Default LDAP works fine though, and LDAPS from another (non-orchestrator) machine works with the same remote. Any clues where I can look further?

0 Kudos

Accepted Solutions
igaydajiev
VMware Employee

If you take a look at the "Non-persistent LDAP client" sample workflow you will see that it is using:

        ldapClient = LdapClientFactory.newLdapClient(host, port, username, password, false);

The last parameter of the newLdapClient() method, according to the documentation, is actually "useSSL", and in the sample workflow it is hard-coded to false.

But it can be easily reworked. You can take a look at the attached workflow for an example.

There are 2 changes applied.

1. An additional workflow input, useSSL, is added and its value is provided to the scripting:

             LdapClientFactory.newLdapClient(host, port, username, password, useSSL);

2. The "Port" value is set to 636 for an SSL connection and to 389 for a non-SSL connection (default ports for Active Directory server).

Note that you also need to import the LDAPS server certificate into the vRO trust store if it is not yet there. This can be achieved with the "Import a certificate from URL" workflow.

0 Kudos
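
An added example, not part of the original posts or the attached workflow: a scriptable-task helper that applies the two changes from the accepted answer and rejects a useSSL value that contradicts one of the two default ports it names. `resolveLdapEndpoint`, `openLdapClient` and `recordingFactory` are hypothetical names; only the `newLdapClient(host, port, username, password, useSSL)` call comes from the answer, and inside vRO the plugin's `LdapClientFactory` would be passed as the first argument.

```javascript
// Added example, not the plugin's sample workflow. Helper names are hypothetical.
// Only newLdapClient(host, port, username, password, useSSL) comes from the post;
// the factory is passed in so the logic can also be exercised outside vRO.
var LDAP_PORT = 389;   // default non-SSL port named in the answer
var LDAPS_PORT = 636;  // default SSL port named in the answer

function resolveLdapEndpoint(host, port, useSSL) {
    if (typeof host !== "string" || host.length === 0) {
        throw new Error("host is required");
    }
    if (typeof useSSL !== "boolean") {
        // A string input such as "false" is truthy in JavaScript.
        throw new Error("useSSL must be a boolean workflow input");
    }
    // No port supplied: derive it from useSSL, as the reworked workflow does.
    var resolved = (port === null || port === undefined || port === "")
        ? (useSSL ? LDAPS_PORT : LDAP_PORT)
        : Number(port);
    if (resolved % 1 !== 0 || resolved < 1 || resolved > 65535) {
        throw new Error("invalid port: " + port);
    }
    // Assumption of this example: the two default ports are tied to their modes.
    if (resolved === LDAPS_PORT && !useSSL) {
        throw new Error("port 636 requires useSSL = true");
    }
    if (resolved === LDAP_PORT && useSSL) {
        throw new Error("port 389 is the non-SSL default; use 636 with useSSL = true");
    }
    return { host: host, port: resolved, useSSL: useSSL };
}

function openLdapClient(factory, host, port, username, password, useSSL) {
    var ep = resolveLdapEndpoint(host, port, useSSL);
    return factory.newLdapClient(ep.host, ep.port, username, password, ep.useSSL);
}

// Constructed stand-in for the plugin factory; it only records its arguments.
var recordingFactory = {
    calls: [],
    newLdapClient: function (host, port, username, password, useSSL) {
        this.calls.push({ host: host, port: port, useSSL: useSSL });
        return { host: host, port: port, useSSL: useSSL };
    }
};

// Constructed sample values; with no port given and useSSL true, 636 is chosen.
var demo = openLdapClient(recordingFactory, "dc01.example.test", null,
    "svc-vro@example.test", "constructed-password", true);
```
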
rkrichevskiy
Enthusiast

I see. Thanks, this works!

0 Kudos