mattKnight
Programmer
Hi
System Manager 6.3.19 in a VM environment
I have LDAP authentication to our AD domain which allows systems admins access to System Manager using LAN credentials! This is passing credentials in plain-text - which is very poor security.
I'd like to use secure LDAP and I've configured this - but Wireshark shows a Certificate unknown alert - usually because the root certificate isn't installed.
I've installed the root cert in the Trusted store for System Manager but this doesn't work.
There is a cryptic mention of secure LDAP. We are not using client cert authentication.
When using System Manager to manage the key stores used by it, “iam_ldap” service will be used. The server’s certificate or the certificate of its issuing CA must be present in the “trust store” configured for the service “iam_ldap”. Also, if client side authentication is enabled at the ldap server side, then, the keystore configured for the “iam_ldap” service must have the client’s private key/public key pair in it.
Note: If not using System Manager, then the ldap server certificate or the certificate of its issuing CA must be present in the truststore IAM_TrustStore.jks under $JBOSS_HOME/server/<<serverName>>/conf folder. If client side authentication has been enabled at the ldap server side, then the keystore IAM_KeyStore.jks under $JBOSS_HOME/server/<<serverName>>/conf folder must contain the private key/certificate entry of the client. This certificate can be added to the keystore using keytool and it should have the alias “iam_ldap”.
So which keystore do I add the root CA cert to?
Can't add it as an Identity Certificate - we don't have the key available for obvious reasons
Added it as a trusted certificate - doesn't work
Added it to the java keystore IAM_TrustStore.jks - doesn't work
Take Care
Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
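
One way to confirm, before importing anything, that the CA file in hand actually validates the certificate the LDAPS server presents (an added example, not part of the original post or the quoted documentation). The host name, port 636, file names and alias are assumptions; it needs `openssl` and `keytool` on the path.

```bash
#!/usr/bin/env bash
# Added example: find out which CA certificate an LDAPS trust store needs.
# Host, port, file names and alias below are placeholders, not values from the post.

# Save every certificate the server presents (leaf first) into OUT.pem.
fetch_chain() {   # fetch_chain HOST PORT OUT.pem
  openssl s_client -connect "$1:$2" -servername "$1" -showcerts </dev/null 2>/dev/null |
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$3"
  [ -s "$3" ]   # fail if nothing was captured
}

# Print subject and issuer of the first certificate in a PEM file.
# The issuer of the leaf names the CA whose certificate must be trusted.
describe_cert() {   # describe_cert CERT.pem
  openssl x509 -in "$1" -noout -subject -issuer
}

# Exit 0 when the first certificate in CERT.pem chains to a certificate in CA.pem.
# CHAIN.pem (optional) supplies intermediates the server sent, as untrusted input.
# Note: openssl verify may also consult the system default CA directory.
ca_verifies() {   # ca_verifies CA.pem CERT.pem [CHAIN.pem]
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

# Import CA.pem into a JKS trust store as a certificate-only (trusted) entry,
# then list the entry. keytool prompts for the store password.
import_ca() {   # import_ca CA.pem TRUSTSTORE.jks ALIAS
  keytool -importcert -trustcacerts -noprompt -alias "$3" -file "$1" -keystore "$2" &&
    keytool -list -v -alias "$3" -keystore "$2"
}

# Usage (placeholders):
#   fetch_chain dc01.example.test 636 chain.pem && describe_cert chain.pem
#   ca_verifies rootca.pem chain.pem chain.pem && import_ca rootca.pem IAM_TrustStore.jks adrootca
```

If `ca_verifies` fails with the root alone but no intermediates were captured by `fetch_chain`, the leaf's issuer line shows which issuing CA certificate is missing from the candidate file.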