VMware: Integrating OpenLDAP into SSO/PSC over LDAPS

Summary:
Quite simply, I was trying to get an OpenLDAP identity source added to SSO/PSC.  It would work fine using non-secure LDAP, but seemed to have issues when attempting to use secure LDAPS.  The error was simple and nondescript, basically stating that it failed.

Here's what happened in my case:

  1. I had two server URLs defined for my target LDAP servers.
    • OpenLDAP Config Screen
  2. Since I had the "Protect LDAP communications..." box checked, the next step requires me either to upload the target systems' certs and their chains of trust (think Root Certificate Authority (CA) and Intermediate CAs) or to have the wizard fetch them.
    • If you can, uploading the needed certs yourself would save some time; otherwise you can continue with my outlined steps below, assuming the spyglass icon works in the same fashion for you.
  3. The cert upload screen has a little spyglass icon that'll pull the certs down for you, but in my case it would only pull the primary server's cert and the associated CA certs.  It would not pull the secondary's for some reason.
  4. If I went forward anyway at this point, it would fail.  So I went back a screen, flipped the primary and secondary URL entries, then went back to the cert upload screen and hit the spyglass icon again.
  5. Interestingly, it now pulled the secondary's cert (now that it was primary), with the same associated CA.
  6. I deleted the duplicate CA entry, went back and flipped the primary and secondary back, and finished the wizard successfully.
    • Cert Upload Screen
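As an added example (not part of the original post), the step-2 shortcut of uploading the certificates yourself can be scripted with openssl: the script below pulls the chain each LDAPS server presents during the TLS handshake, writes one PEM file per certificate, and drops duplicates, so a CA shared by both servers ends up as one file instead of the duplicate CA entry mentioned in step 6. The hostnames, port 636 and the output directory are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example, not code from the original post. Collects the certificate
# chains presented by one or more LDAPS servers into one PEM file per unique
# certificate, ready to upload in the SSO/PSC identity source wizard.
set -eu

# split_pem OUTDIR
# Reads PEM data on stdin and writes every "BEGIN CERTIFICATE" block to
# OUTDIR/cert-N.pem. Blocks that repeat (the same CA sent by both servers)
# are written only once; duplicates are detected by comparing the block text,
# which is sufficient because s_client emits canonical base64 of the DER.
# Prints the number of unique certificates written.
split_pem() {
  outdir=$1
  mkdir -p "$outdir"
  awk -v dir="$outdir" '
    /-----BEGIN CERTIFICATE-----/ { inblock = 1; block = "" }
    inblock { block = block $0 "\n" }
    /-----END CERTIFICATE-----/ {
      inblock = 0
      if (!(block in seen)) {
        seen[block] = 1
        n++
        f = dir "/cert-" n ".pem"
        printf "%s", block > f
        close(f)
      }
    }
    END { print n + 0 }
  '
}

# collect_chains OUTDIR HOST [HOST...]
# Fetches the chain each host sends on a TLS handshake to port 636 (assumed
# LDAPS port) and feeds all of them through split_pem in one pass so that
# de-duplication works across servers. Needs network access; the offline
# test below exercises split_pem only.
collect_chains() {
  outdir=$1
  shift
  for host in "$@"; do
    # -servername sends SNI so a server hosting several names picks the
    # right certificate; -showcerts prints the whole presented chain.
    openssl s_client -connect "$host:636" -servername "$host" -showcerts \
      </dev/null 2>/dev/null || true
  done | split_pem "$outdir"
}

# Usage: sh ldaps-chains.sh OUTDIR HOST [HOST...]
# Example (assumed hostnames): sh ldaps-chains.sh ./ldaps-certs ldap1.example.com ldap2.example.com
if [ "$#" -ge 2 ]; then
  collect_chains "$@"
fi
```

Two caveats when using the output: `s_client -showcerts` prints only what the server sends, so if the root CA is not in the list you still have to obtain it from the CA itself, and the chain should be checked before upload with `openssl verify -CAfile <root.pem> -untrusted <intermediate.pem> <server.pem>` so that you are not uploading a cert the server presents but that does not actually chain to your trusted root.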
