Service Virtualization

Hi All

While going through the document to connect Iam with ldap over ssl , we could see the below. 

"When you configure the Identity Access Manager with LDAP over SSL, you must keep the public key certificates of the LDAP Server in the IdentityAccessManager\conf\truststores folder"

The query that we are having is , shouldnt the iam-trustore.ks file be enough , if we import the ldap certificate into it? Is it mandatory to have the certificate in the above location.

Regards

Akshit

Akshit,

Yes.  The truststore is still needed in the certs folder, but the certificates are also need to be in this new location.  Not sure why, this is just how 10.8.1 is designed.

~Marcy

Hi All

While going through the document to connect Iam with ldap over ssl , we could see the below. 

"When you configure the Identity Access Manager with LDAP over SSL, you must keep the public key certificates of the LDAP Server in the IdentityAccessManager\conf\truststores folder"

The query that we are having is , shouldnt the iam-trustore.ks file be enough , if we import the ldap certificate into it? Is it mandatory to have the certificate in the above location.

Regards

Akshit

Thanks @Marcy Nunns . We are able to connect to the ldap from devtest.

Another query regarding the ldap settings , especially the Bind credentials , which we do on the iam portal . Is it persisited in the db in 10.8 ? or does it need to be added manually each time when the server on which the devtest is installed is refreshed.

We do our monthly refreshes where the old server is terminated and the automation installs devtest after it is launched again.

Today we observed after the first successfull installation , if you uninstall it and install it again a second time , we had to enter the ldap bind credential again on the Iam portal after logging in as admin.

Is it the expected behaviour in the new version 10.8 , because we didnt need to configure it in previous 10.7 version

Regards

Akshit

Original Message:
Sent: Mar 28, 2025 09:00 AM
From: Marcy Nunns
Subject: Devtest 10.8 Iam connectivity to Ldaps

Akshit,

Yes.  The truststore is still needed in the certs folder, but the certificates are also need to be in this new location.  Not sure why, this is just how 10.8.1 is designed.

~Marcy

Original Message:
Sent: Mar 28, 2025 03:28 AM
From: Akshit koul
Subject: Devtest 10.8 Iam connectivity to Ldaps

Hi All

While going through the document to connect Iam with ldap over ssl , we could see the below. 

"When you configure the Identity Access Manager with LDAP over SSL, you must keep the public key certificates of the LDAP Server in the IdentityAccessManager\conf\truststores folder"

The query that we are having is , shouldnt the iam-trustore.ks file be enough , if we import the ldap certificate into it? Is it mandatory to have the certificate in the above location.

Regards

Akshit

I am thinking the bind credentials are stored in the IAM database, so if you are having to install every month, if this includes a new database, that would be a problem.  We have a feature where you can export an existing LDAP configuration into a JSON file.  Let me find out for sure.

Original Message:
Sent: Mar 28, 2025 11:17 AM
From: Akshit koul
Subject: Devtest 10.8 Iam connectivity to Ldaps

Thanks @Marcy Nunns . We are able to connect to the ldap from devtest.

Another query regarding the ldap settings , especially the Bind credentials , which we do on the iam portal . Is it persisited in the db in 10.8 ? or does it need to be added manually each time when the server on which the devtest is installed is refreshed.

We do our monthly refreshes where the old server is terminated and the automation installs devtest after it is launched again.

Today we observed after the first successfull installation , if you uninstall it and install it again a second time , we had to enter the ldap bind credential again on the Iam portal after logging in as admin.

Is it the expected behaviour in the new version 10.8 , because we didnt need to configure it in previous 10.7 version

Regards

Akshit

Original Message:
Sent: Mar 28, 2025 09:00 AM
From: Marcy Nunns
Subject: Devtest 10.8 Iam connectivity to Ldaps

Akshit,

Yes.  The truststore is still needed in the certs folder, but the certificates are also need to be in this new location.  Not sure why, this is just how 10.8.1 is designed.

~Marcy

Original Message:
Sent: Mar 28, 2025 03:28 AM
From: Akshit koul
Subject: Devtest 10.8 Iam connectivity to Ldaps

Hi All

While going through the document to connect Iam with ldap over ssl , we could see the below. 

"When you configure the Identity Access Manager with LDAP over SSL, you must keep the public key certificates of the LDAP Server in the IdentityAccessManager\conf\truststores folder"

The query that we are having is , shouldnt the iam-trustore.ks file be enough , if we import the ldap certificate into it? Is it mandatory to have the certificate in the above location.

Regards

Akshit

Its only the ec2 instances which are refreshed , the db remains intact.

I am thinking the bind credentials are stored in the IAM database, so if you are having to install every month, if this includes a new database, that would be a problem.  We have a feature where you can export an existing LDAP configuration into a JSON file.  Let me find out for sure.

Original Message:
Sent: Mar 28, 2025 11:17 AM
From: Akshit koul
Subject: Devtest 10.8 Iam connectivity to Ldaps

Thanks @Marcy Nunns . We are able to connect to the ldap from devtest.

Another query regarding the ldap settings , especially the Bind credentials , which we do on the iam portal . Is it persisited in the db in 10.8 ? or does it need to be added manually each time when the server on which the devtest is installed is refreshed.

We do our monthly refreshes where the old server is terminated and the automation installs devtest after it is launched again.

Today we observed after the first successfull installation , if you uninstall it and install it again a second time , we had to enter the ldap bind credential again on the Iam portal after logging in as admin.

Is it the expected behaviour in the new version 10.8 , because we didnt need to configure it in previous 10.7 version

Regards

Akshit

Original Message:
Sent: Mar 28, 2025 09:00 AM
From: Marcy Nunns
Subject: Devtest 10.8 Iam connectivity to Ldaps

Akshit,

Yes.  The truststore is still needed in the certs folder, but the certificates are also need to be in this new location.  Not sure why, this is just how 10.8.1 is designed.

~Marcy

Original Message:
Sent: Mar 28, 2025 03:28 AM
From: Akshit koul
Subject: Devtest 10.8 Iam connectivity to Ldaps

Hi All

While going through the document to connect Iam with ldap over ssl , we could see the below. 

"When you configure the Identity Access Manager with LDAP over SSL, you must keep the public key certificates of the LDAP Server in the IdentityAccessManager\conf\truststores folder"

The query that we are having is , shouldnt the iam-trustore.ks file be enough , if we import the ldap certificate into it? Is it mandatory to have the certificate in the above location.

Regards

Akshit