Looking at sample workflows that came with AD plugin 3.0.2. Are they compatible with LDAPS? I couldn't get it to connect with SSL. It throws java.net.SocketException: Connection reset. Default LDAP works fine though, and LDAPS from another (non-orchestrator) machine works with the same remote. Any clues where I can look further?
If you take a look at the "Non-persistent LDAP client" sample workflow you will see that it is using
ldapClient = LdapClientFactory.newLdapClient(host, port, username, password, false);
The last parameter of the newLdapClient() method, according to the documentation, is actually "useSSL", and in the sample workflow it is hard-coded to false.
But it can be easily reworked. You can take a look at the attached workflow for an example.
There are 2 changes applied.
1. An additional workflow input, useSSL, is added and its value is provided to the scripting
LdapClientFactory.newLdapClient(host, port, username, password, useSSL);
2. The "Port" value is set to 636 for an SSL connection and to 389 for a non-SSL connection (default ports for an Active Directory server)
Note that you also need to import the LDAPS server certificate into the vRO trust store if it is not there yet. This can be achieved with the "Import a certificate from URL" workflow
I see. Thanks, this works!
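The reworked newLdapClient() call from the answer above, wrapped in a preflight check, as an added example that is not part of the original posts or the plugin's sample workflow: it pairs useSSL with the default ports named in the thread and refuses a non-SSL bind unless that is explicitly accepted. The names resolveLdapSettings, openLdapClient and allowCleartextBind are hypothetical.

```javascript
// Added example: hypothetical helper names; only newLdapClient() and the
// 389/636 defaults come from the thread. Written in ES5-style syntax.
var LDAP_PORT = 389;   // default non-SSL port
var LDAPS_PORT = 636;  // default SSL port

function resolveLdapSettings(input) {
    // The string "false" is truthy in JavaScript, so insist on a real boolean.
    if (typeof input.useSSL !== "boolean") {
        throw new Error("useSSL must be a boolean workflow input");
    }
    var defaultPort = input.useSSL ? LDAPS_PORT : LDAP_PORT;
    var port = (input.port === undefined || input.port === null)
        ? defaultPort
        : Number(input.port);
    if (Math.floor(port) !== port || port < 1 || port > 65535) {
        throw new Error("port must be an integer between 1 and 65535");
    }
    // Default-port mismatches: client and server would speak different protocols.
    if (!input.useSSL && port === LDAPS_PORT) {
        throw new Error("port 636 is the LDAPS default; set useSSL to true");
    }
    if (input.useSSL && port === LDAP_PORT) {
        throw new Error("port 389 is the non-SSL default; use 636 with useSSL");
    }
    // Without SSL the bind password crosses the network unencrypted.
    if (!input.useSSL && input.allowCleartextBind !== true) {
        throw new Error("refusing non-SSL bind; set allowCleartextBind to accept cleartext credentials");
    }
    return { host: input.host, port: port, useSSL: input.useSSL };
}

// In a vRO scriptable task, pass LdapClientFactory as `factory`.
function openLdapClient(factory, input) {
    var s = resolveLdapSettings(input);
    return factory.newLdapClient(s.host, s.port, input.username, input.password, s.useSSL);
}
```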